What is the difference between a generic storefront and a regular storefront?

Regular Store

• Can I customize the credit card collection & response pages to make them look more like my credit card storefront?
  
• Secure web server for collecting credit cards
  
• Department Information for Store Setup
  
• What needs to be on my "checkout" page?
  
• Example checkout pages & Sample output
  

Generic Store

• How does one setup a generic storefront?
  
• How long does it take to setup the generic storefront?
  
• Can we use both a generic and department storefront?

Gifts, Oracle Financials, Sales Tax

Customers, Back end Databases, Notification

Credits and Voids

Testing and Error Messages

Getting Started

Making Changes to Your Existing Store

Recent Changes

Overview of Department Storefront

The department's "checkout" page will link to a "credit card collection page", which will be a universal web page that ACIS will create and maintain. Limited customization of the credit card collection & response page is permitted by using a departmental header and/or footer file. The "credit card collection page" will ask the customer for their credit card number, expiration date, etc. All customers of all departments will be directed to the same page, in order to enter credit card information.

After the user submits the credit card information the "credit card response page" will be displayed. The credit card response page will contain a standard message indicating that the credit card has been approved or declined.

Customizing the Credit Card Collection & Response Pages

The header & footer filenames should contain the store number. For example, store number 10320 could have a header file named header10320riweb.html. The files should contain simple html, no javascript.

In order to setup your store to use header & footer files, the files need be emailed, as attachments to creditcard-info@lists.andrew.cmu.edu. We reserve the right to edit the html files if we deem appropriate before we upload them to the server.

The header and footer filenames are then specified as hidden variables that are sent to the credit card collection page.

Secure web server for collecting credit cards

Using Frames If your department's web site uses frames, and will call the credit card collection page within a frame, then your department's web site must be on a secure server. If you call the credit card collection page from within a frame, and your departmental web page is not on a secure server, the user's browser will not appear to be secure. For example, in this case, the lock that appears at the bottom of the Netscape browser will not be closed. The connection will be secure, but the user's browser will not appear to be connected to a secure server. This is only an issue if the credit card collection page is called from within a frame, that is hosted on a server which is not a secure server.

Department Information for Store Setup

We will require the following information for each department

• How would you like the name of your department to appear to the customer?
• Do you want daily outload file to be produced?
• Will you accept American Express ?
• Will these transactions be posted to the financial system through another feeder system?
• Administrative Contact Information
  • Name (for internal CMU use only)
  • Email Address
  • Phone Number
• Technical Contact Information, ie Webmaster (for internal CMU use only)
  • Name
  • Email Address
  • Phone Number
• A General Ledger String that will be used to charged Credit Card Fees to the dept
• A General Ledger String that will be used as a suspense account for transactions that have failed to be posted to the financial system.

• Department Name as it should appear to the customer
• Administrative Contact Phone
• Administrative Contact Email

Accepting Gifts

How will my transactions get into Oracle Financials?

What should we do if a customer contacts us?

How can I update my department backend database with the credit card information?

Detailed Outload File Information

What needs to be on my "checkout" page?

Note

• Substitute numbers for the X in the name above. (ie: item1_name, item2_name, item3_name...)
• Sales tax, shipping, handling, late fees, or any other additional charges should be sent as a separate item.
• If no notify_email is given, no notify email will be sent to the department. If several people would like to see the credit card transaction notification email, then the solution is to setup an email distribution list. Please disable any email filtering on this account. It is especially important to remove any filtering for non-ascii characters. Non-ascii characters such as an umlaut or tilde often appear in foreign names and addresses.
• No email will be automatically sent to the customer as a part of this transaction. The credit card response page will contain a standard response which will indicate
  • Success/Failure of credit card processing
  • Department contact information including email and phone number
  • If the transaction was successful,
    • A receipt of the goods/services purchased. This will list the item name, qty, price each and include an order total.
  If the departments wish to email the customer to provide additional information about the order, that will be done by the department.
• Users should take care to ensure that a full 25 character valid GL string is provided, including leading zero's. An example might be: 6710600000100000054000001 It's critically important that care is exercised to ensure that VALID & APPROPRIATE GL Strings are provided; otherwise, there will be delays in terms of processing revenue credits to your department.

  The GL String dissected: (in order)

  • Object Code (5 digits)
  • Funding Source (6 digits)
  • Function Code (3 digits)
    NOTE: Revenue Object Codes (6XXXX) must have a Function Code 000 or the transaction will fail the posting validation process.
  • Activity Code (3 digits)
  • Organization (6 digits)
  • Entity (2 digits)

• The post request for testing should be sent to https://ccard-submit-test.as.cmu.edu/cgi-bin/gather_info.cgi
• The post request for production should be sent to https://ccard-submit.as.cmu.edu/cgi-bin/gather_info.cgi

Example

To view the "Credit Card Collection Page", follow the above link and press the "Enter Credit Card Payment Information" button.

Sample Confirmation Email

Sample Results Page

How does this charge appear on the customer's credit card?

There is only 1 merchant identifier for the university, which greatly reduces costs. So regardless of the storefront which charged the customer, the customer's credit card statement will show the charge as
Carnegie Mellon Univ Pittsburgh PA

How can I get immediate notification of a successful transaction?

The merchant reference number of all successful transactions can be sent real-time to a pre-determined URL that you provide for your store number. This will provide your store with immediate notification for all successful transactions. In order to use this feature, the following criteria is required:

• Your merchant reference number must be unique for each transaction
• Your merchant reference number must be comprised of only digits
• The site which is to be sent the merchant reference number must be on a secure server.

Error Messages

• Transmission error while processing credit card.
• Please press the BACK button on your browser and correct the following information on the previous page. (Then the exact error message from Cybersource is displayed. For example: The following request field(s) is either invalid or missing: bill_zip
• The expiration date is invalid. This credit card has expired. Please press the BACK button on your browser and update the expiration date or enter a new credit card.
• The credit card number is invalid. Please press the BACK button on your browser and update the credit card number, or enter a new credit card number.
• This credit card has been declined.
• An error has occured while processing this credit card.
• No response was received from credit card authorization request.
• An error has occured while sending credit card information.

Documentation

When Submitting Transactions to the Test Server:

When the total credit card charge is between $1001.00 and $4000.00 on the test server only, this will simulate error messages. Complete list of amounts and associated errors

An invalid credit card number error can be generated by entering the credit card 4111111111111112.

The test environment will be continually available, even after a store is in production. The test environment consists of

• credit card processing (The ACIS test server sends transactions to the Cybersource test server)
• query tools (For viewing data in the test database)

What about sales tax?

If you are going to consider the use of the web for external sales, you certainly do need to be aware of the requirements for collection of sales tax.

How the process will work, though, is fairly straight-forward... for the "generic storefront" process, the sales tax will be manually calculated and added as a separate line, with the credit going to 4031500000000000000000101, which is a university liability balance sheet account to record this activity. Judy Cvejkus files and remits collected sales tax to the State. We're finalizing the actual procedures in terms of how this will be handled through the web application.

If a department has a "regular storefront", this functionality will need to be programmed into the page, such that items will need to be flagged as taxable or non-taxable (e.g., clothing is not taxable), tax will need to be calculated (7%), and then identified to the above-noted GL string for distribution.

Lastly, in terms of identifying taxable/non-taxable, Lisa Luffe (Manager of Financial Reporting & Taxation) can be a resource.

How can I issue a credit to a customer?

The search page will return a summary screen containing the Date, Name, Merchant Ref no, etc. Click the radio button that is in front of the transaction to be credited. Press the submit button at the bottom. This will display more detailed information about that transaction. Scroll to the bottom of that page. A button labelled "Issue a Credit Now" will be displayed. Press this and a screen will appear that will allow the amount to be credited to be entered.

Why is the 'Issue a Credit' screen asking for the credit card expiration?

Is it possible to cancel a charge, or a credit?

You can submit your request by emailing creditcard-info@lists.andrew.cmu.edu with the details of the transactions and the reason for the request. Someone from the credit card team will submit the request to the card processor.

What is the difference between a generic storefront and a regular storefront?

The difference between a regular storefront and a generic storefront is who is entering the credit card information.

A generic storefront can only be accessed by pre-designated andrew ids. It is meant to be used, for example, by admin staff who get credit card orders over the phone. The generic storefront is a generic web page, and does not require the store to create their own website.

A regular storefront is meant to be a self-serve application where the customer chooses their products and services and then completes the transaction themselves. In order to use the regular storefront, the department needs to create their own website, and host it on their own server.

One department can have both a generic & regular storefront with the same store number. This would allow the department, for example, to have customers signup and pay for a conference themselves through the website (using the regular storefront). The department can also process credit card payments from faxed payment forms (using the generic storefront).

Overview of Generic Storefront

The generic storefront is for use by authorized Carnegie Mellon University employees only. Access to this storefront will require an Andrew username and password. Generic storefront users will be setup by the Financial Services Group and will be associated with an store.

The purpose of the generic storefront is to replace traditional credit card terminals when most or all of the transactions are Card Not Present. For example, if a customer provides credit card information over the phone, the user can process the payment from their desktop. This provides immediate feedback to the customer, and eliminates the need to put confidential credit card information on paper.

The user logs into the website and brings up the generic storefront screen. In the example shown, the store has setup the generic storefront default values for

• merchant reference number
• confirmation email
• item name
• quantity

The transactions from the generic storefront are handled in the same way as transactions from the department storefronts.

• A confirmation email message is sent to the Confirmation Email address, if provided.
• The fees charged are identical to those for the department storefronts.
• The transactions are posted to the financial system through an automatic nightly process.
• A daily outload of commas delimited data is available.
• Query access to the data is available through the search page.

How does one setup a generic storefront ?

• The store setup must be done, if the store doesn't exist yet.
• A list of General Ledger strings must be submitted.
• The generic store defaults need to be setup.
• Users must be assigned to the generic store.

How long does it take to setup a generic storefront?

Once all of the data is submitted, setup will take less than 2 business days.

Can we use both a generic and department storefront?

Yes. It is possible to use both the generic storefront and a department storefront with the same store number.

How much is this going to cost?

For Visa & Mastercard
27 cents per transaction + roughly 2.0%

For American Express
27 cents per transaction + roughly 2.9%

Breakdown of fees

1) Bank Intercharge Rate This is where Visa/MasterCard/American Express charges the merchant to accept the card as a form of payment. These fees are variable based on a number of circumstances, but roughly will come in at around 1.9-2.1% for Visa/MasterCard, while it is roughly 2.9% for American Express In addition, we pay $0.10/transaction.

2) Paymentech This is our processor, who moves the funds between the cardholders bank and our bank. We pay a fixed .2663% (.002663) of the transaction amount.

3) CyberSource This is our third-party web source who provides us with the ability to process these credit card payments over the web. We allocate the university cost of this service currently at $0.17/transaction.

How do I get started?

• Please download this Information Request Word document

  Answer the questions, then

  Email the document to creditcard-info@lists.andrew.cmu.edu

• Please fill out the Generic Credit Card Storefront Request and/or the Regular Credit Card Storefront Request Form

  Your responses in these online request forms will be automatically emailed to creditcard-info@lists.andrew.cmu.edu, then

  Someone will contact you shortly.

Making Changes to Your Existing Store

• Store Name
• Administrative Contact Information
• Technical Contact Information
• If you want to stop or start getting a daily datafile
• General Ledger string used for fees
• Add or remove a user's access to the web search screen
• Add or remove a user's ability to issue credits or settle transactions
• For generic stores:
  • Add or remove a user's access to the generic store
  • Add or remove Revenue General Ledger strings in the generic store

Important Changes to credit card processing in MARCH 2007

When will this occur?

• Mon March 19th user testing begins
• Wed March 21st datafile available from new and old sites
• Fri March 30th user testing ends
• Sun Apr 1st Changes are moved into production, and current credit card sites get redirected to new site.
• Tues May 15th the redirection to the new site will be turned off, and datafiles will only be accessible on the new site.

Why is this being done?

• We are making these changes to enhance the security and reliability of the credit card application.
• Additionally, the credit card vendor has required us to upgrade the software used to communicate with them.

What will change?

• All web addresses (URLs) for the credit card application will be changed. The credit card application will be moved to dedicated machines with improved security, reliability, and performance.
• We are upgrading the release of the software that we use to communicate with the credit card processor. This will substantially improve the process of issuing credits.

What do I need to do?

• For those stores with a generic storefront
  • After April 1st you will need to use a different website address in order to access the generic storefront. That new website address will be https://ccard.as.cmu.edu/cgi-bin/generic_store.cgi
  • From April 1st - May 15th when you go to the old website address you will be automatically forwarded to the new site.
  • If you have set a bookmark for the address of the generic storefront, you should update it after April 1st.
• For those stores who use the "real-time notification" feature
  • You should perform testing with the new credit card test site to ensure that everything is performing as expected. The new credit card test site will be available as of Mon March 19th. The new credit card test site will be https://ccard-submit-test.as.cmu.edu/cgi-bin/gather_info.cgi Testing will end Friday March 30th.
  • If your server restricts the real-time notification based on IP address, it will need to be changed by April 1st. You will be provided with this information shortly.
• For those stores who use daily datafiles
  • You will need to download the datafiles from a new site. You can begin accessing the datafiles from the new site as of Wed March 21st. All of the old files, as well as new files will be available from both sites as of Wed March 21st. The new site for downloading datafiles is https://ccard.as.cmu.edu/cgi-bin/store.cgi
  • If you have set a bookmark for the address of the datafiles, you should update it after March 21st.
  • If you automatically download the datafiles please contact us for further instructions on required changes.
  • After May 15th, datafiles can only be accessed from the new site.
• For those stores who use a regular storefront
  • You should perform testing with the new credit card test site to ensure that everything is performing as expected. The new credit card test site will be available starting Mon March 19th. The new credit card test site will be https://ccard-submit-test.as.cmu.edu/cgi-bin/gather_info.cgi Testing will end Friday March 30th.
  • Between April 1st and May 15th you should update your website to use the new credit card site. If the old site is used from April 1st through May 15th the user will be automatically forwarded to the new site. After May 15th your website will STOP WORKING if you do not change your website to use the new website address of https://ccard-submit.as.cmu.edu/cgi-bin/gather_info.cgi
• For administrative users who issue credits and perform searches
  • After April 1st you will need to use a different website address in order to perform searches and issue credits. The new website address will be https://ccard.as.cmu.edu/search.html
  • From April 1st - May 15th when you go to the old website address you will be automatically forwarded to the new site.
  • If you have set a bookmark for the address of the credit card search site, you should update it after April 1st.

What will happen on April 1st?

Test Server
https://acis.as.cmu.edu:4443/cc/gather_info.cgi

Production Server
https://acis.as.cmu.edu/cc/doc.html
https://acis.as.cmu.edu/cc/gather_info.cgi
https://acis.as.cmu.edu/cc/reports/search.html
https://acis.as.cmu.edu/cc/reports/generic_store.cgi

Where can I find updated information about these changes?

Who do I contact if I have any questions?