Intergration of Mastercard Gateway in Australia

[tez]

that would be cool.
I don't need to store the credit card numbers, not even parts of them I guess. They are stored in the CBA logs I imagine anyway. But processing the card numbers on the shop site or the CBA site is fine - customers like it both ways.

[toivo]

Hopefully the Merchant Hosted sites follow the Payment Card Industry (PCI) Data Security manual:  http://www.mastercard.com/us/wce/PDF/10172_MasterCard_PCI_Manual.pdf

Mind you, the writing is on the wall for retailers not to store the card numbers:  http://www.darkreading.com/document.asp?doc_id=135602

[tez]

It looks like function get_order_number() will return larger than 34 characters as it joins user ID with the md5 of session and time. Commbank does not like that, should I truncate it to 34 characters? I'd imagine then it would break the confirmation part of the returned data from the Commbank server.

This is related to the error I get,

Code Select Expand

vpc_Message=Field+vpc_OrderInfo+value+%5B62_54387a77d194af18135d9c6b6a74d1f3%5D+is+too+long.+The+maximum+field+length+is+34+chars.

If customer ID was only 1 character it would work, but yeah that wouldn't last long.

[tez]

Another question:

When using the TEST merchantIDs does it always decline non-testing credit card numbers?
I keep getting vpc_TxnResponseCode = 2 and vpc_AcqResponseCode = 14 (meaning Invalid card number (no such number) )

[toivo]

That seems to be the case.  I used my test merchantID with a transaction ending in .00 and a valid Mastercard, and got response code 1 -Unspecified Failure.

[toivo]

It looks like function get_order_number() will return larger than 34 characters as it joins user ID with the md5 of session and time. Commbank does not like that, should I truncate it to 34 characters? I'd imagine then it would break the confirmation part of the returned data from the Commbank server.
This is related to the error I get,

Code Select Expand

vpc_Message=Field+vpc_OrderInfo+value+%5B62_54387a77d194af18135d9c6b6a74d1f3%5D+is+too+long.+The+maximum+field+length+is+34+chars.

If customer ID was only 1 character it would work, but yeah that wouldn't last long.

I am using the variable $order_number which is the field order_number in the table jos_vm_orders and 32 characters long.  I think that is unique enough for security and reconciliation purposes. 

When the order number is returned with the response from the gateway, I check that the order number exists in jos_vm_orders and that the order status is Pending.  If the order status is something else, an error is logged and the order status remains unchanged.

[d1023319]

Hi,
I was reading with interest this threat especially about the ps_migs file.

FYI - I have a joomla 1.5 test site and I have my test ANZ egate working with the supplied files, i.e.
VPC_PHP_3P_DR.PHP
VPC_PHP_3P_DO.PHP
VPC_PHP_3P.HTML  = leads to card entry screen?
VPC_PHP_QueryDR.PHP
VPC_PHP_QueryDO.PHP


My question is - does the PS_migs replace the above files to integrate into ANZ egate, as it mentions inserting the hash info  or would I directly link the payment type of credit card to the VPC_PHP_3P.HTML.


Cheers

[toivo]

If you are working in a Bank Hosted scenario where you pass the user session to the MIGS site for the entry of the card information, ps_migs is not going to help because it is meant to request the card details in VirtueMart and pass them to the MIGS gateway.  In other words, it uses the Merchant Hosted mode of  operation.

The admin part of ps_migs.php inserts the secure secret hash from the ANZ Merchant Administration to the ps_migs.cfg.php from where it is read before calculating the hash total for the request and also before verifying the hash from the response received from the bank.

The sample modules from the VPC Development Kit are useful in testing and getting the algorithms for the hash calculation integrated into VirtueMart.

Regards,

[d1023319]

Hi

Thanks for your prompt reply.

FYI - Eftpos New Zealand has approved NZ Business Platforms for implementation using the Server Hosted  processing model only.


Cheers

[tez]

I still have trouble with the function process_payment()
The $order_number value always seems to be a long string which is not related to the order ID, it always starts with the same number (62_ in my tests). It shows up in the CBA "Merchant Administration - Order List" under the "Order Reference" column - but this is not good to cross-referencing payments at all because it doesn't relate to anything, weird?.
edit: realised that the 62_ part is  userID, still weird though, shouldn't $order_number be related to order_ID?

I know that order_number is stored in the database, but since MIGS can't handle more than 34 characters does it matter that it does not match?

Is "refund" from within MIGS administration meant to affect virtuemart in any way?

[toivo]

The MIGS Administration is separate from VirtueMart but if a confirmed transaction is refunded, a similar operation may have to be done fron the back end of VirtueMart, to maintain accurate the stock figures and keep the auditors happy.

You must be using the Merchant Hosted model of operation if you are  working on process_payment().  My integration of the VPC to VirtueMart works in the Bank Hosted mode.

[foxweb]

Hi,
I have just integrated the ANZ eGate MIGS Virtual Payment Client with Joomla eCommerce release 1.0.15, using the Bank Hosted mode of operation.  The solution utilises the configuration functions from findshorty's ps_migs.zip module, the request and the receipt cover the essential parts of the sample code from the VPC Developers Kit.
The receipt module:
- validates the hash
- checks that the order number exists
- checks that the order number is not a duplicate
- writes the response from the bank to a transaction log
- sends the email only if the card transaction was approved
As an added bonus, the shopper details are posted as a weblead to Salesforce.com.
If anyone is interested, drop me a line  :-)
Best Regards,

Hi Toivo, I am integrating ANZ egate with Virtuemart and would love to see your bank hosted module if you could post it or email it to me. Thanks a million.

[toivo]

Hi,

Here is the MIGS Bank Hosted implementation for VirtueMart 1.0.15 with installation instructions, for ANZ eGate, CBA CommWeb and other bank gateways using the MIGS system.

2008-07-02 Version 1.0
2008-07-18 Version 1.0.1 fixes problem with freight missing from card total

Regards,


[attachment deleted by admin]

[foxweb]

Hi,
Here is the MIGS Bank Hosted implementation for VirtueMart 1.0.15 with installation instructions, for ANZ eGate, CBA CommWeb and other bank gateways using the MIGS system.
Regards,

Hi Toivo,
Thanks for putting that on the forum. In the file ps_migs_pay.php I needed to change line 193 to 'return true;' rather than just 'return;'.

Hopes this helps others if they are having trouble.

[toivo]

Hi,
If you follow the instructions on page 8 and remove 'ps_migs_pay' from the Payment Class Name, it will work. 

Using 'Address only / Cash on delivery' is a workaround to skip the payment processing.

Regards,