A regular storefront is used by anyone in the world who wishes to give CMU money. A department develops their own web pages for their storefront. The department webpages will provide all of the details regarding the item they are selling. The website will also collect all order information from the customer, with the exception of the payment information. It will collect information such as shipping information, item(s) the customer wishes to purchase, calculate sales tax and shipping charges. An invoice number is also assigned by the department website.
The invoice number, the departments store number (which we assign), and the detailed item information is sent to the credit card application. This is done when the customer pushes a button on the department webpage and is then transferred to the credit card application. The customer enters their own credit card information on a standard html page, on the acisX secure servers.
When the customer hits submit, the information is validated, written to the credit card oracle database on typhoon, then sent to Cybersource. Cybersource does some validation, saves the data, and then passes the data to PaymentTech. PaymentTech records the transaction, and sends a response back to Cybersource. Cybersource saves the information, and sends the response back to us. The response is written to the oracle database on typhoon. An appropriate message is displayed to the customer. If the transaction is successful, the web page is the customer's receipt of payment. It displays the detailed order information which was submitted from the department.
The transaction goes through the following servers
| Dept Webserver | ---> | acis server | ---> | (oracle on typhoon) | ---> | ||
| acis server | ---> | Cybersource | ---> | PaymentTech | |||
| acis server | <--- | (oracle on typhoon) | <--- | acis server | <--- | Cybersource | <------ |
The customer sees the following web pages
| last dept webpage | ----> | Credit Card Collection Page | -----> | Credit Card Response Page |
A demo is located at https://acis.as.cmu.edu/cc/doc/example.html
The basic steps in authorizing a credit card purchase with both the storefront are as follows:
| Department Web Server | ----> | https://acis.... | ----> | https://acis... |
| Checkout page | ----> | Credit Card Collection Page | ----> | Credit Card Response Page |
A generic storefront is used only by people with pre authorized andrew ids. The generic storefront is intended to serve those departments who wish to process credit cards, but do not want their own ecommerce website. A good example would be a department who receives orders via phone or fax.
The process is almost identical to one described above. The only difference is that instead of a dept web server with dept web pages, the user goes to the acisX secure server and uses the generic store webpage. On the generic store webpage, the cmu user will enter the invoice number, and the individual item detail for the order. Then they will be taken to the standard credit card collection webpage, and processing will continue as detailed above.
Preauthorized andrew ids can issue refunds for their storefront. A user searches for the transaction on a secure acisX webpage.
An example of this webpage can be found at the following link. https://acis.as.cmu.edu:4443/cc/reports/search.html
When they find their transaction, they click "Issue a Credit Now". They enter the amount which they would like to credit, up to the full amount of the original transaction. When they submit the transaction, it is processed in the same way as described above.
The student interface is Student Information Online. They enroll in electronic checking by providing their bank account routing number, account number, and a brief description of this account. One business day later this account is available to them to make payments.
They can setup as many of these accounts as they wish. These accounts can be deleted at any time. One of these accounts can be designated as ‘refund’ accounts. The refund account can also be used to make payments. If a student is eligible for a refund from enrollment, instead of cutting a check, this refund account will automatically be credited.
When they wish to make a payment, they select the account from which to make the payment, by selecting the appropriate brief description. They enter the amount of the payment and the payment date. The payment date needs to be 1 or more business days in the future, not to exceed 1 year. There is a 5 pm Eastern cut off time for transactions to be processed on the current business day.
It appears as though enrollment is the only current credit card storefront who accepts re-occurring payments. Therefore there are no immediate plans to setup the echeck capability with any other departments.
Capturing the echeck enrollment and payment information from the student.
AcisX -> write to sis database on typhoon
To send the echeck enrollment and payment information to Mellon,
ftp to Mellon server and pick up summary reports
AcisX contains the following:
All access to utilities in /cc/reports is restricted to stores which the user is permitted to access
All cgis are written in C, unless described otherwise.
The test credit card app is located
/afs/andrew/as/acisweb/docs/test/cc
URL: https://acis.as.cmu.edu:4443/cc
The production credit card app is located
/afs/andrew/as/acisweb/docs/docs/cc
URL: https://acis.as.cmu.edu/cc
The source for the cc app on acisX is located in cvs in ~lm7g
The optional callback feature will use curl to connect to the department’s https server. The merchant_ref_no (invoice number) will be included in the URL, thus indicating that this transaction has been successfully processed by the credit card app. This feature is currently being developed for the SEI, with a production date of late Nov 2006. It will be available to any other store who wishes to use it.
Contains the following:
Public
/cc is the only part of the credit card app that’s “public facing”
Administrative Users
Can be granted access to
All restricted access is :
authenticated by pub cookie
authorized by data in the oracle tables.
The only exception is that access to the datafiles is
Authenticated by pub cookie
Authorized by python app.
Computing Services | 5000 Forbes Avenue Pittsburgh, PA 15213 | Office: (412) 268-2638 | Support: (412) 268-4357
