Home → Questions →

transparent redirect using CheddarGateway

• Edit

mkusmik

22 Mar, 2011 11:35 PM

I know you are PCI Compliant Level 1. Can I assume you use a transparent redirect to receive customer payment info from our website? In June 2010 you mentioned in your support forum that you were planning to provide this capability within a few months; it's now been 9 months so I assume it's there. But, I can't find confirmation on your website. Where should I be looking?

thanks,
melanie

1. Support Staff 1 Posted by Marc Guyer on 23 Mar, 2011 02:01 PM

   

   Hi Melanie -- Unfortunately that project has been significantly delayed. The good news is that we have a major upgrade happening next month. The upgrade includes support for "hosted payment pages" which should take care of your needs in the interim while we continue work on the transparent redirect.
   

   The hosted payment pages release "sets the stage" for transparent redirect support. Several of the features needed for hosted payment pages are also required for transparent redirect. Once that release is out and stable, we'll be working on transparent redirect. Migration from use of the hosted payment pages to transparent redirect should be relatively simple.

   • Edit

2. 2 Posted by mkusmik on 23 Mar, 2011 03:45 PM

   

   Would my developers have access to a beta version of the hosted payment page until it's up and running? Next month I assume means end of April and we plan to go live in early May.

   Somewhat related...can you compare your payment gateway to Authorize.net? It appears to me you charge more for your payment gateway over Authorize.net. What additional benefits do I gain using your payment gateway? Is it the ability to transfer the vault of customers, ...

   • Edit

3. Support Staff 3 Posted by Marc Guyer on 24 Mar, 2011 06:56 PM

   

   Would my developers have access to a beta version of the hosted payment page until it's up and running?

   We might be able to arrange that. However, integration with the hosted pages will be quite simple -- maybe a day or two of dev time.

   Somewhat related...can you compare your payment gateway to Authorize.net?

   It's actually about half the cost on the monthly -- the cardholder storage monthly is included in the gateway monthly. With Authorize.Net, the CIM is an extra $20/mo.

   The main benefits are first, as you suggest, it is possible to get your card numbers out. That's almost unheard of in the gateway world. Second, we support it. If an authnet merchant asks us about a transaction, we refer them to authnet.
   

   • Edit

4. 4 Posted by joshua on 24 Mar, 2011 07:23 PM

   

   Hey, just curious. Does this mean a merchant would need to have a different PCI certification by using the API as opposed to transparent redirect?

   • Edit

5. Support Staff 5 Posted by Marc Guyer on 24 Mar, 2011 08:33 PM

   

   Yes, if your servers touch credit card numbers in any way (even in memory only), you are required to be level 3 compliant vs. level 4.
   

   • Edit

6. 6 Posted by joshua on 25 Mar, 2011 01:56 PM

   

   Can you help us get compliant? What are the costs involved with that?

   • Edit

7. Support Staff 7 Posted by Marc Guyer on 25 Mar, 2011 08:57 PM

   

   Joshua -- You can get compliant in CheddarGateway using the CertifyPCI service. The costs are:

   • One-time setup: $99.00
   • Yearly Fee: $196.00
   • Yearly Insurance: $148.00
   • Edit

8. 8 Posted by gjpeacock on 01 Apr, 2011 03:40 PM

   

   Hi Marc,

   Is there a page somewhere on your site that has this information about the CertifyPCI service? I've been looking around and can't see anything.

   Also, are there any easily digestible lists of the kind of requirements technically and operationally?

   Many thanks,
   Gavin

   • Edit

9. Support Staff 9 Posted by Marc Guyer on 04 Apr, 2011 05:37 PM

   

   Attached is a little background on the service. Generally, a service like CertifyPCI makes getting certified much easier. If quarterly scans are required, they provide that service as well. Also, your certification status is reported on your behalf.

   • Certify_PCI_Introduction.pdf 1.08 MB
   • Edit

10. 10 Posted by cweekly on 06 Jul, 2011 07:53 PM

    

    Is there a rough ETA on the transparent redirect? Thanks

    • Edit

11. 11 Posted by cweekly on 08 Jul, 2011 09:59 PM

    

    Asking again about transparent redirects. Will this be supported soon?

    • Edit

12. 12 Posted by cweekly on 08 Aug, 2011 03:57 PM

    

    Please reply with status of transparent redirects feature, thank you!

    • Edit

13. Support Staff 13 Posted by Marc Guyer on 09 Aug, 2011 05:24 PM

    

    Hi Chris -- Sorry for the radio silence on this feature update. Unfortunately I don't have anything concrete to offer at this time. Our hosted pages and paypal support features are still settling in. As I said earlier, the hosted pages system is the platform on which we will be building the transparent redirect. We wont be able to give a firm ETA until we've determined that the foundation is sound.

    • Edit

14. 14 Posted by cweekly on 10 Aug, 2011 07:53 PM

    

    Hi Marc,
    Regarding the hosted pages, could you please elaborate on "still settling in" and "[we've not yet] determined that the foundation is sound"? Absent a transparent redirect, hosted payment pages are the only choice for companies unwilling to tackle PCI compliance, and those comments do not exactly inspire confidence. What kind of problems are you seeing?
    Thank you,
    Chris

    • Edit

15. Support Staff 15 Posted by Marc Guyer on 10 Aug, 2011 08:29 PM

    

    Yikes! I can see how my last comment did not inspire confidence! We don't have any current open issues with the hosted pages. There have been a few bugs here and there that have been resolved. They have been mostly with the PayPal workflow. For example, edge cases like when a customer rapidly begins the workflow, cancels, then tries again. We had to work around some PayPal limitations. The current functionality of the hosted pages is sound. We have hundreds of functional tests with thousands of asserts along with a sprinkling of Selenium tests on top to help ensure that.

    I'll elaborate on the "foundation". We ideally want to leverage the bulk of the hosted pages logic to facilitate the transparent redirect feature. The functionality is essentially the same, after all. An example of some work we need to accomplish prior to fitting in the transparent redirect is what we call "customer preloading". In the API you can post custom charges/credits and tracked item quantities in the same call when creating a brand new customer. This isn't possible yet in the hosted pages. That's really the final major prerequisite for transparent redirect.

    The end goal is to make the hosted pages and transparent redirect features as interchangeable as possible. In the end, you should only have to make a few tweaks (and build some web forms, of course) to convert from hosted pages to a more customized transparent redirect implementation. Make sense?

    • Edit

16. 16 Posted by cweekly on 10 Aug, 2011 08:48 PM

    

    Thanks Marc,
    That sounds much better. Looking forward (eagerly) to support for transparent redirects. Please prioritize its development as it makes the UX much much smoother. In my view it's your single biggest competitive disadvantage vs e.g. Chargify and others who have this feature. Good luck!
    Chris

    • Edit

17. Marc Guyer closed this discussion on 13 Mar, 2012 01:44 PM.