Payment by Credit Card

We developed the credit card device to make it possible for you to allow your customers to conveniently pay for your services by using their credit card. If you want to use the credit card device, you will need to set up an account at a credit card authorization provider (detailed information below).

Please debit your own credit card at the terminal before your first customers/users do. This allows you to check if everything works as expected and if your settings and gateway passwords are correct!

1. Custom Script
   This option allows you to create an individual credit card payment solution for any credit card gateway.
2. Authorize.Net - http://www.authorizenet.com/
   Operating on the US market (recommended).
3. PayPal Payflow PRO - http://www.paypal.com/
   Operating world wide, multi currency option.
   Please note!
   The Payflow PRO Gateway requires the Microsoft .NET Framework to be installed on your PC. You may download the Microsoft .NET Framework at http://www.microsoft.com/net/. If SiteKiosk is already installed then please uninstall it, install the .NET Framework and after you did, install SiteKiosk again.
4. Moneris - http://www.moneris.com/
   Operating on the US and canadian markets.
5. SecurePay - http://www.securepay.com.au/
   Operating in Australia and New Zealand.
6. iPayment - http://www.ipayment.de
   Operating in Germany.
7. Securetrading - http://www.securetrading.com
   Payment service provider serving the British market (UK).
8. CreditCall - http://www.creditcall.co.uk
   Offering Chip and PIN solutions (UK).
   When using a magnetic card reader you need one that is able to read tracks 1 and 2, under SiteKiosk this does not apply to most generic ISO readers. To use Chip and PIN together with CreditCall and the Dione Secura card reader you need additional files: http://www.provisio.com/download/tools/chippin.zip.
9. Cardia - http://www.cardia.no/
   Operating on the scandinavian market. Will be replaced by DIBS during 2009.
10. DIBS Payment Service - http://www.dibspayment.com/
    Operating on the scandinavian market. Will replace the Cardia gateway in 2009.
11. 3cint - http://www.3cint.com/
    Operating in Sweden, Denmark, Finland, Germany, UK, USA and other countries.
    Please note!
    The 3cint (Web2Pay) Gateway will automatically be installed by the SiteKiosk installation as long as the Microsoft .NET Framework is available on your PC. Otherwise it will NOT be installed. You may download the Microsoft .NET Framework at http://www.microsoft.com/net/. If SiteKiosk is already installed then please uninstall it, install the .NET Framework and after you did, install SiteKiosk again.
12. DPS PaymentExpress - https://www.paymentexpress.com/
    Operating in Australia, New Zealand, Pacific Islands, Singapore, South Africa, USA and United Kingdom.
13. Magensa.net Payment Protection Gateway (MPPG) - http://www.magensa.net/
    Operating in USA and other countries.
    Please note!
    The Gateway is intended to be used with the special MagTek HID MagneSafe Readers (USB) which encrypt credit card data upon reading. This increases credit card security and helps you to obtain a possible PA-DSS certification.

The following credit cards are accepted: MasterCard, American Express, Diners Club, VISA, and JCB.

Quick links:

System Requirements
Installing the Hardware
Configuring the Payment Module
Troubleshooting

Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard, usually shortened to PCI, is a body of rules and regulations applied to payments that involve the processing of credit card transactions. The standard is supported by all major credit card organizations. It is the objective of the PCI Security Standards Council to increase security for payment and account information by providing information, training and educational advertising about the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.

All commercial enterprises and service providers who store, submit or process credit card transactions must meet the requirements of this standard. Please note that this standard is NO legal regulation. However, your point of acceptance may require you to obtain PCI DSS certification as soon as you start accepting credit cards as a method of payment at your terminals. If you fail to obtain this certification, acceptance of credit card payments may ultimately be denied. Compliance with the rules is usually validated based on the company's volume of sales (e.g. annual credit card transactions of 1 M or more).
Having your terminals certified according to the PCI DSS will ensure that you are in compliance with the standard. It is, unfortunately, not possible to obtain PCI DSS certification for individual software applications such as SiteKiosk as the certification always applies only to package solutions consisting of hardware and software (your kiosk terminal). Certification can only be obtained from an approved scanning vendor (ASV). For a list of certified ASVs, click here.
For more information, log on to https://www.pcisecuritystandards.org/.

Payment Application Data Security Standard (PA-DSS)

PA-DSS is a program under private law that is managed by the Council and originated in the program “Payment Application Best Practices (PABP)” which was managed under the supervision of Visa Inc. The objective of the PA-DSS is to support software providers and other vendors in developing secure payment applications which will not store any forbidden data such as complete magnetic strips, CVV2 or PIN code data and offer compliance with the PCI-DSS. PROVISIO GmbH guarantees that the original version of the "SiteKiosk" application they ship will not store any credit card information. As credit card information will only be transferred to a credit card gateway "certified in accordance with the PCI-DSS" via an HTML form, the SiteKiosk application itself cannot be certified in accordance with the PA-DSS. Also: Even if you use applications that are certified in accordance with the PA-DSS, you will still have to obtain PCI DSS certification.

 

System Requirements

Hardware
Although the credit card information can be entered manually, we recommend using ISO magnetic card readers that are able to read from track 1 (Exception: CreditCall). As of now, the following devices are supported:
1. All generic ISO magnetic card readers featuring RS232 interface (COM)

2. Emulation by keyboard (Magnetic stripe card reading keyboards) (usually PS2)
   Some magnetic card readers merely transmit keyboard signals. SiteKiosk supports these special readers provided the corresponding driver can precede the card information with a certain set of characters:
   
   • Cherry G81-7000/8000 series
   • Semtek Manual Insert Card Reader USB
   • MSR 210 USB from Uniform Industrial http://www.uicusa.com
   • OMNI Combined Bar Code/Magnetic Stripe Reader from ID TECH http://www.idtechproducts.com
   • SPECTRUM III MOIR Insert Magnetic Stripe Reader from ID TECH http://www.idtechproducts.com
   • MiniMag II, MagStripe Reader (IDMB-3341xx series) from ID TECH http://www.idtechproducts.com
   
   

3. Type: Swipe Card Readers
   • Producer: Magtek http://www.magtek.com
     Model: Magstripe Swipe Card Reader Mini Port-Powered RS-232 & Mini USB (HID)
     Model: Sureswipe (Part Number: 21040140) Reader HID (USB)
   • Producer: Semtek http://www.semtek.com
     Model: Mini-Swipe Magnetic Stripe card readers RS-232
   • Producer: Cherry http://www.cherrycorp.com
     Model: Cherry G81-7000/8000 keyboard with Magnetic stripe card reader (keyboard emulation)
   • Producer: ID TECH http://www.idtechproducts.com
     Model: MiniMag II, MagStripe Reader (IDMB-3351xx series, requires OPOS driver from ID TECH)

4. Type: Insertion Card Readers
   • Producer: Magtek http://www.magtek.com
     Model: Magstripe Insert Card Reader MT-215 RS-232 & USB (HID)
     Model: IntelliStripe 65 RS-232 and USB (direct & emulated COM-Port versions)
   • Producer: Semtek http://www.semtek.com
     Model: Manual Insert card reader RS-232
     Model: Manual Insert card reader USB (keyboard emulation)
   • Producer: ID TECH's http://www.idtechproducts.com
     Model: Spectrum RS-232 Hybrid Partial Insert Card Reader
   • Producer: Uniform Industrial http://www.uicusa.com
     Model: MSR 152 RS-232 and MSR 152 USB
   • Producer: Dione/VeriFone http://www.verifone.com
     Model: Dione Secura PINPad RS-232 (for Chip and PIN)

5. Type: Motorized Card Readers
   • Producer: Magtek http://www.magtek.com
     Model: IntelliStripe 310, 320, 380 RS-232

6. Type: MagneSafe Readers The MagneSafe readers directly encrypt the card data when reading a credit card. This increases security and helps you with a possible PA-DSS certification. Please use together with the Magensa.net Payment Protection Gateway (MPPG).
   SiteKiosk supports MagneSafe V5 compatible HID readers with Security Level 3. Please contact Magtek for further information.
   If you are using this secure reader type please disable the option to manually provide the credit card data, because the manual input cannot be encrypted the same way the MagneSafe reader encrypts the credit card data.
   • Producer: Magtek http://www.magtek.com
     Model: MagTek HID MagneSafe Readers (USB)
 


Software


1. WinXP/Vista/7
2. Internet Explorer 6.0 or higher
3. SiteKiosk PAYMENT BUNDLE

 

Installing the Hardware

In general
If you want to employ the credit card solution in combination with a card reader, please install and configure the hardware corresponding to the requirements of the device you want to use.

 

Configuring the Payment Module

In general
Open the configuration tool and go to "Payment Devices". Select the entry "Credit Card: ISO/MagTek/etc." from the list of available devices and activate it by clicking on Activate or by clicking on Configure and checking the option "Enable Credit Card Payment". Anyway, you have to click on Configure for further options (see below).

You will need access to a payment processing gateway if you want to be able to use the credit card device because credit card debiting over the Internet is only possible through them. Here is how the payment process usually works:


1. The customer enters the credit card number or swipes the card through the reader to provide the necessary information.
2. The information stored on the card and the amount due will be sent online to the payment processing gateway along with your merchant ID.
3. The payment processing gateway will check the information and the amount and will, if the checking process succeeds, debit the amount due and credit it to your merchant ID.
   Advantage: False or stolen credit cards will automatically be rejected.
4. The payment processing gateway will send feedback whether the amount could be debited or not. Best of all, this process will only take a few seconds!
5. If the checking process is completed successfully, SiteKiosk will automatically credit the amount to the account of the Internet terminal.
6. A few days later, you will receive a credit note on your bank account (minus the fees charged by your credit card company (MasterCard, Amex, etc.) and the payment processing gateway).
Some gateways allow to send comments or descriptions. In order to let a number of terminals use the same configuration while the comment/description can be used to indentify a single terminal you can use $(computername) for the computer name, $(computerguid) for the computer GUID, $(ipaddresses) for the IP address of the terminal and $(fqdn) for the Fully Qualified Domain Name of the computer.

Payment Gateway Selection
You can choose from seven different payment processing gateways for handling all credit card transactions at your terminals. Please contact the provider of your choice in case you have any further questions concerning your account:


SETTINGS CUSTOM SCRIPT

The custom script allows you to implement an individual credit card payment solution, e.g. transferring the card data to an existing payment/shop system, or any credit card gateway. The communication with the gateway needs to be done according to the Software Development Kit (SDK) provided by the gateway. The SiteKiosk Object Model must be used to add the credit under SiteKiosk.

If manual input of the credit card data is used the transaction with the gateway must be done according to the SDK of the gateway. After the successful transaction the SiteKiosk.Plugins("SiteCash").Credit(amount) function of the SiteKiosk Object Model can be used to book the amount in SiteKiosk.
If a credit card reader is used SiteKiosk fires the SiteKiosk.Plugins("SiteCash").Devices("CreditCard").OnCardSwiped = handler event if a card has been swiped. SiteKiosk then provides access to the card data. Please proceed as described for manual input.

Example:
The following example writes the credit card number to the SiteKiosk log file after a card has been swiped.


creditcard = SiteKiosk.Plugins("SiteCash"). Devices("CreditCard"); creditcard.OnCardSwiped = OnCardSwiped; function OnCardSwiped(ccardinfo) { SiteKiosk.Logfile.Notification ("Credit Card Number: " + ccardinfo.Number); }

SETTINGS SecureTrading



• Account Settings
  After applying for a merchant account at SecureTrading, you will receive the following information:
  • Your SecureTrading site reference
    Please enter the ID into the field Your Site Reference
  • Your SecureTrading user name
    Your user name for your merchant account
  • Your SecureTrading password
    Password to your merchant account

• Transaction Settings
  If you want to automatically receive a receipt on every credit card transaction, check the box "Activate Secure Trading's confirmation e-mails".

  The Card Security Code Validation (CVC) is available as an additional security option.

• Accepted Credit Cards
  You can choose which credit cards will be accepted by SiteKiosk. Simply select the desired cards by checking the corresponding options.
  success8.html and failure8.html
  In order to make your account work, go to the "File Manager" category of your merchant account and upload the files success8.html and failure8.html, which you will find in SiteKiosk's installation directory under ..\SiteCash\CreditCard\HTML\SecureTrading.

SETTINGS Cardia



• Account Settings
  In this option, specify your Merchant Token, which you have received by Cardia after registration, and a custom Store Name in order to configure credit card payment with Cardia. Optionally, you can enable refunding of remaining money on logout.

• Accepted Credit Cards
  You can choose which credit cards will be accepted by SiteKiosk. Cardia only supports Visa and Mastercard / Eurocard.

SETTINGS DIBS Payment Services



• Account Settings
  For DIBS you need to state Merchant, Login ID and password.

• Accepted Credit Cards
  You can choose which credit cards will be accepted by SiteKiosk. Simply select the desired cards by checking the corresponding options.

• Global Settings
  For increased security you may use an optional MD5 signature.
  The Card Security Code Validation (CVC) is available as an additional security option.

• 3-D Secure Settings
  If your payment gateway account supports 3-D Secure you can activate this feature here. The timeout determines how long SiteKiosk should wait for the user to type in the 3-D Secure password.

SETTINGS Authorize.Net



• Card Present / Not Present
  Authorize.net offers better conditions if you only allow the Credit Card Present payment option. In this case, customers can not type in the credit card number but they have to use a magnetic stripe reader. Please note that keyboard emulation readers are not supported. If you like to use this option, choose it when you sign up your Authorize.Net account.
  Important: If you want to enable only the Credit Card Present payment option, you also have to disable the option "Enable manual input of credit card information" in the main credit card dialog of SiteKiosk.

• Account Information
  Fill out the fields with the information you received from Authorize.Net.

• Accepted Credit Cards
  You can choose which credit cards will be accepted by SiteKiosk. Simply select the desired cards by checking the corresponding options.

• Global Settings
  
  • Enable Test Mode & Send Description
    Authorize.Net also allows you enable a test mode by means of which you can carry out billing without actually debiting the card. Optionally, you can send a Description (free defined text) with each transaction. This information will help you to understand from which terminal which transaction has been done.

  • Verify MD5 signature of gateway's response & Send referer URL
    Optional is the MD5 (makes sure that the server is the right one, regarding phishing) signature as well as the referer URL. Authorize.Net can arrange for you to receive this additional information. But be careful. It is possible that a transaction would be approved despite the MD5 values are not matching. The MD5 Hash security feature enables merchants to verify that the results of a transaction received by their server were actually sent from the Payment Gateway. The MD5 value is only intended to protect the merchant against hackers who have set up servers which transmit credit card approval notifications to the merchant interface. The MD5 value is not intended to secure the credit card charge itself. That means for our software: When SiteKiosk receives the notification that the MD5 values don't match, the credit card of the customer has already been charged. There is nothing we can do about that. However, no access to the internet is being granted because it seems with this credit card transaction there is a case of fraud since the MD5 values did not match. So please make a test drive first!!

SETTINGS iPayment



IPayment provides you access to your own personal online admin menu. As this menu can be run in test mode as well, you can practice booking amounts without actually crediting them to a user's account.
• Account Information
  Fill out the fields with the information you received from iPayment.

• Accepted Credit Cards
  You can choose which credit cards will be accepted by SiteKiosk. Simply select the desired cards by checking the corresponding options.

• Global Settings
  You can define the text that is to appear on your customer's credit card bill (will NOT appear in your transaction report). However, the information given under 'Send comment with transactions' will appear in your transaction report you receive from iPayment along with the computer's IP address and the time and date of the transaction (provided you want those information to be included).
  The Card Security Code Validation (CVC) is available as an additional security option.

• 3-D Secure Settings
  If your payment gateway account supports 3-D Secure you can activate this feature here. The timeout determines how long SiteKiosk should wait for the user to type in the 3-D Secure password.

  I-Payment will ignore credit card transactions that follow in rapid sequence if they have the same IP address. However, if you use a router, you may have to disable this function. In order to do that, you will have to open SiteKiosk's configuration file and alter the following line:
  <disable-fraud-detection>false</disable-fraud-detection>
  Set this value to "true."

SETTINGS PayPal Payflow Pro



• Account Information
  Please open https://www.paypal.com/us/cgi-bin/webscr?cmd=_payflow-gateway-overview-outside and sign up for a merchant account. After you received your e-mail confirmation of your Payflow Pro Free Trial, fill out the fields within this section.

• Accepted Credit Cards
  You can choose which credit cards will be accepted by SiteKiosk. Simply select the desired cards by checking the corresponding options.

• Global Settings
  Payflow also allows you to enable a test mode by means of which you can carry out billing without actually debiting the card. Optionally, you can send a comment (free defined text, do not use special characters) with each transaction. This information will help you to understand from which terminal which transaction has been done.
  The Card Security Code Validation (CVC) is available as an additional security option.

SETTINGS Moneris Solutions



• Account Information
  Fill out the fields (Store ID and Api Token) with the information provided by the registration at Moneris (Sign up here).

• Accepted Credit Cards
  You can choose which credit cards will be accepted by SiteKiosk. Simply select the desired cards by checking the corresponding options.

• Global Settings
  Moneris also allows you to enable a test mode by means of which you can carry out billing without actually debiting the card.

SETTINGS SecurePay



• Account Information
  Fill out the fields (Merchant and Password) with the information provided by SecurePay.

• Accepted Credit Cards
  You can choose which credit cards will be accepted by SiteKiosk. Simply select the desired cards by checking the corresponding options.

• Global Settings
  SecurePay also allows you to enable a test mode by means of which you can carry out billing without actually debiting the card.

SETTINGS 3cint (3CWeb2Pay)



Requires Microsoft .net Framework
At 3CIntegra Web2Pay you have to type in your Merchant-ID and your Validation Code. 3cint will provide you this information. Please make sure that you ask for the V4.0 version of the credit card interface (API) when you order your account.
Optionally, you can send a Merchant Category (free defined text) with each transaction. This information will help you to understand from which terminal which transaction has been done.

SETTINGS CreditCall



Please fill in the fields for Terminal ID and the CreditCall key. Change the Server URL field to the URL assigned to you. By default the field for Server URL contains a CreditCall test URL that you can use together with the test mode. Note that CreditCall may change that URL.

The Card Security Code Validation (CVC) is available as an additional security option.
If your payment gateway account supports 3-D Secure you can activate this feature here. The timeout determines how long SiteKiosk should wait for the user to type in the 3-D Secure password.
To use Chip and PIN please select for example the Dione Secura card reader on the main credit card options page and select the setting Use an ICC reader.

SETTINGS DPS PaymentExpress



Please fill in the fields for user name and password.
Optionally, you can send a comment (free defined text, do not use special characters) with each transaction. This information will help you to understand from which terminal which transaction has been done.
The Card Security Code Validation (CVC) is available as an additional security option.
If your payment gateway account supports 3-D Secure you can activate this feature here. The timeout determines how long SiteKiosk should wait for the user to type in the 3-D Secure password.

SETTINGS Magensa.net Payment Protection Gateway (MPPG)

Please fill in the fields for the Host and Merchant data. Contact Magensa.net to create your account (Registration) and obtain the data. When creating your account please state that you want to use it with SiteKiosk by PROVISIO.
The Card Security Code Validation (CVC) is available as an additional security option.
Optionally, you can send a comment (free defined text, do not use special characters) with each transaction. This information will help you to understand from which terminal which transaction has been done.

Input Options
This option refers to the way the user can provide card information. SiteKiosk supports two different types of input:

• Enable manual input of credit card information
  We implemented this option in order to make it possible for you to employ this method of payment even though you did not connect a magnetic card reader to your system. If you choose this option, the user will have to enter card information by hand in order to make use of this payment option.

• Use a magnetic card reader
  SiteKiosk provides support for all generic RS232 (COM port) magnetic card readers. At present, the only supported USB device is a card reader by MagTek. Make sure that the reader you want to employ is at least able to read the first data track.

  You can check if the reader you connected is ready by pressing the Test button.

• Use an ICC reader
  Enable the ICC reader (integrated circuit card reader) option if you for example want to use the CreditCall Chip and PIN solution with the Dione Secura card reader.
  

Payment Dialog Boxes
The user will see the payment dialog box immediately after the card is swiped or ENTER is pressed in the payment dialog box.

• Minimum amount
  You can set a minimum amount that will be charged to your customer's credit card if this method of payment is used. As a result, the customer will not be able to choose an amount that is lower than the one you specify here.
• Maximum amount
  You can set a maximum amount that will be charged to your customer's credit card if this method of payment is used. The customer will, therefore, not be able to choose an amount that is higher than the one you specify here.
• While picking amount, change value in increments of X
  Your customer can use PLUS and MINUS buttons to decide on the value of the debit amount. This option lets you specify the increments by which the amount due is supposed to be raised and lowered, respectively, as soon as the user presses the MINUS or PLUS button.
• Charge an additional fee for paying by credit card (processing fee)
  This option lets you specify an additional surcharge (fee) for credit card payment. This fee will not be credited to the surfing account and serves the purpose of passing on to your customers the additional costs you will have to cover for the credit card transaction.

E-Mail Receipt Settings
The Payment Module also allows you to send an E-Mail receipt to your customers when a transaction is completed.

• Enable E-Mail receipt
  Provided the box is checked, the customer can have a receipt about the completed transaction sent by e-mail (optional). Please note that since the Payment Module will apply the general e-mail settings you specified in the configuration tool, you will have to make sure you entered the necessary account information under "E-Mail." Note that it may be necessary to change the e-mail encoding to Unicode (UTF-8) to correctly display currency symbols.
• Edit E-Mail receipt template
  You can adjust the receipt template to your individual requirements. The template's default body is written in English. Note that the values in curly brackets will automatically be provided by the system:

  Thank you for using our service! This is an automatic receipt for payment of Internet terminal usage. Please keep it for your records. Merchant: {0} E-Mail Contact: {1} Transaction Date/Time: {2} Description: Usage of Internet Terminal Credit Card Used: {3} Total Amount: {4}

  • {0} = String you specified under Merchant.
    This usually is your company name.
  • {1} = String you specified under E-Mail address.
    This will allow your customers to contact you should they, for example, have any questions.
  • {2} = Auto value: Date and time of the transaction.
  • {3} = Auto value: employed credit card number. For security reasons, parts of the number will be depicted as XXX.
  • {4} = Auto value: Amount debited to the card.

  In some cases, you might want to include your complete company address in the text.

 

Troubleshooting

Credit cards are not being recognized

1. Check the connection between card reader and PC
2. Check the settings for the card reader and carry out a test by pressing the Test button

Credit card information is not being transmitted


1. Check the information you received from your gateway provider
2. Check whether the corresponding cards have been activated