[ Cash Management ]
Verisign - Web Payment Processor
The University of Pennsylvania has chosen Verisign as their designated web payment processor.
Verisign provides Penn with a secure solution for the processing of credit card payments.
Verisign authenticates billing addresses, stores credit card payment information, and
provides reporting tools to access the payment information. Credit card numbers for web
payments may not be stored on any Penn server. All of the credit card types & numbers
will be stored on the Verisign server. All departments using web credit card processing should review the
Penn security guidelines Security Standards for Web- based Applications With Sensitive Data at
http://www.upenn.edu/computing/security/standards/wwwsec.html.
For information on how to use Verisign web payment processor please reference the following sections:
Getting Started
This section describes the "how-to" steps for getting started with web credit card payments.
Choose a Verisign Development Option
This section contains information regarding the two web products offered by Verisign.
It is meant to be a general overview, but also contains some technical and programming
information. Review this together with your web development/support staff. Security requirements
are significantly reduced by utilizing the PayFlor link option, therefore, using this option
is strongly recommended. Additional product descriptions (Data Sheets) and e-commerce
guides (Guides) can also be found at
http://www.verisign.com/products/payflow/docs/.
Verisign offers two types of programming options for enabling web Credit Card payments:
Payflow Link
This option utilizes generic web forms that have been developed by
Verisign. All of the web forms/pages that are needed for the authorization and payment process are
Verisign-hosted. They are immediately available and no new forms need to be designed and developed.
You just cut and paste the supplied HTML code into your web site and it is payment-enabled.
Some items on the Verisign web forms can be personalized. You can define:
- Title area at the top of all payment forms contains the specified name; a logo is allowed.
- Page contents can be centered or left justified
- Color and image configuration is available
- Order Confirmation Page can contain your defined header and footer
- EMAIL options for notification back to the merchant and customer are available
- list the domain names (e.g. www.upenn.edu) from which orders can be accepted; if the Payflow Link
transaction did not originate from this domain it will be rejected
Additional information about basic features can be found at
http://www.verisign.com/products/payflow/link
Example Payflow Link processing screens (web forms) can be seen in the Payflow Link Getting Started
Guide. See the User Guides and Manuals section (below) to learn how to access the User Guide.
Payflow-Pro
This solution controls the communications between your web site
and the Payflow Pro server. The software is a TCP/IP option that passes data such as addresses, amounts,
approvals, etc. back and forth between the host web site and the Verisign server. Generic payment processing
web forms from Verisign are not available with this option; you must design and develop your own.
Additional information about basic features can be found at
http://www.verisign.com/products/payflow/pro.
Request a Web Merchant Account
To process credit card transactions a web Credit Card Merchant Account must be obtained from the
Office of the Treasurer. To obtain the Merchant Account Request Form, access
http://www.finance.upenn.edu/treasurer/forms/
on the web. It takes about 2 - 3 weeks to finalize the set up of the Merchant Account after the request form is submitted.
A fee schedule for credit card rates and Verisign charges can be obtained from the Treasurer's Office. There is a monthly
flat fee associated with each web Merchant Account. The monthly fees begin when the Go-Live status is activated. There is
no charge for downloading or obtaining Verisign software.
Verisign Registration
The Treasurer's Office will complete the Verisign registration upon receipt via e-mail of the web Merchant
Account Request Form. A Username/Password will be forwarded to the requestor. The Username/Password
is required before web application testing can begin.
Configure/Download Verisign Software
For the Payflow Link option, logon to Verisign Manager using the Username/Password obtained in Step 2.
Complete the Verisign preference form. This will designate options such as colors, title/heading, Email
notifications, etc. There is no software to be downloaded; refer to the Verisign Getting Started Guide.
Add the Verisign links to your web page and you are ready to test.
Payflow Pro software can be downloaded from Verisign Manager using the assigned Username/Password
obtained in Step 2. To obtain a current list of available platform & software options, contact Elaine Rymsza (898-4687) at ISC.
Install/Test Verisign Software
Ready to Go Live?
The Treasurer's Office will notify the requestor when the web Merchant Account has been set up.
The Verisign web payments can go live any time thereafter.
The Treasurer's office activates the Go-Live option at Verisign as specified by the requestor.
A few days prior to your actual GO-LIVE date, EMAIL the GO-LIVE date and time request
to kmcmulle@pobox.upenn.edu.
The requestor's Verisign account information will be changed from
a test status to a go-live status. The actual GO-LIVE process takes only a few minutes and is
immediately effective. You will receive your production Merchant Account number when the GO-LIVE
status is activated.
User Guides and Manuals
Verisign has developer and user guides available. They can be viewed on the web or printed using Adobe Acrobat.
If you currently have an active User ID name and password:
Logon to Payflow Manager at https://manager.verisign.com
Enter Partner Name, Login and Password
Click on Downloads (at top of page)
Select User Guide of choice (view using Adobe Acrobat)
If you have not yet registered for your User ID and password, Product User Guides are available from a Penn server.
These copies are only updated twice a year:
Payflow Link User Guide
Payflow Pro User Guide
Verisign Manager User Guide
A description of the three User Guides that are recommended for Penn use is provided below.
Verisign Manager
This is a Verisign web application which allows you to manage
your transactions, print reports, download software, modify your account information, enter your Payflow Link
options, etc. Everyone who will be working with the web payment process (both programmers and BAs) should
read this User Guide.
Payflow Link
This is called the Getting Started Guide. It is targeted
to assist the programmer with the software implementation. Large portions of it are also useful for
non-programming staff. This is a guide that everyone can understand. It contains such things as
- glossary of payment processing terms
- frequently asked questions
- fields stored in the Verisign database
- response codes returned, etc.
Payflow Pro
This is a Developer's Guide and is written for the programming or web support staff.
Programmers must access and refer to this guide for software implementation and testing.
Reporting & Transaction Processing
All reporting and transaction processing, such as voids and refunds, will be done over
the web using Verisign Manager. To access the Verisign Manager application:
Logon to Payflow Manager at https://manager.verisign.com
Enter Partner Name, Login and Password
Click: Login
The functions within Verisign Manager are:
- Account Info
- Security
- Search Utilities
- Transaction Terminal
- Reports
- Downloads
- Help
The Verisign documentation provides the best information on how to process payments and
use the available report options. Refer to the section on User Guides and Manuals to learn
how to locate the Verisign Manager documentation.
Usage Guidelines
This section provides guidelines for the use of Verisign web payment
products (Payflow Link & Payflow Pro) at the University of Pennsylvania. Policies included are:
- Address Verification
- Secure Web Site Required
Address Verification
Address Verification is required in all web applications using Verisign software for Credit Card payment processing.
Address Verification enables the University to guarantee that each transaction is eligible
for the same Fee Rate. A reduced rate for 'Card Not Present' with Address Verification is offered
by Visa & Master Card. Ultimately Address Verification reduces University expense. Address Verification was an identified requirement for the selection of web Credit Card
software. Vendors were excluded from selection based solely upon the fact that Address
Verification was not part of their payment processing. The issue of fraud and how to safeguard
the University was an important question. Even though Address Verification will not detect all
possible fraud, it is an important function. The University must utilize the opportunity to avoid fraud whenever possible. Address Verification is automatically included in the Payflow Link HTML software.
Consistency is achieved by requiring the use of Address Verification when using Payflow Pro software.
Secure Website Required
The major credit card companies such as Visa, Master Card, American Express and Discover
require credit card transactions over the internet to be processed from a secure web site. Discover,
for example, will access and verify the web site URL before issuing an internet merchant account.
To avoid the possibility of liability and chargebacks, all web credit card transactions processed at
Penn need to comply with this guideline.
Frequently Asked Questions
This section contains questions about web credit card payments from various
University departments. The question/answer section will be updated as needed.
Can I accept credit card payments from a web page at http://www.upenn.edu?
If your web page is under the www.upenn.edu domain, then you are not at a secure site.
Web credit card payments should only be accepted from a secure web site.
Will ISC provide a server with Verisign software on it for access by all University departments?
Verisign software is only needed if departments choose the Payflow Pro option. When
processing with Payflow Pro, execution should occur from a secure site directly to Verisign.
For security reasons, it is not recommended that Penn departments process to or through a common server.
Verisign offers multiple software options for many platforms. The software choice should be
based on application requirements such as security, performance, anticipated transaction volume
and hardware capabilities. Offering a common server solution could possibly prevent a best choice
scenario. The common server option would be used because it is convenient, not because it is the
right choice. Additionally, a common server solution provides no real cost savings to the web developer.
It would, however, add an additional layer of complexity for set up and testing.
Will a shared server option (similar to www.upenn.edu) be made available to the Penn
community for e-business applications?
ISC Networking will be reviewing this issue to determine if it can be reasonably supported.
If ISC Networking determines that support is possible, the project would need to be scheduled
and the server prepared. We will update the University community when decisions are made in this area.
|
 |
|
Finance Spotlights
Treasurer Offices
|
|
