With the ever-increasing shift to e-commerce, addressing cart abandonment through the revamped Hosted Checkout has drawn heightened industry attention. It enables merchants to increase sales while providing a great way for consumers to shop securely.
Our own redesigned Hosted Checkout:
Collects payment details from the consumer through an interaction that is hosted and displayed by the Suncorp Gateway (provided to you directly or through your acquirer’s use of our gateway).
Features a modular user interface and a modern customer experience to be more intuitive and inviting.
With Hosted Checkout merchants never see or handle payment details directly; they are collected by the hosted payment interface and submitted directly from the consumer’s browser to the Suncorp Gateway. Hosted Checkout can be implemented in one of two ways:
An embedded payment page: Embedded elements can be added to an existing site to offer an easy way to take a payment without the need to update the website.
A full-page redirect: Moves consumers to a Mastercard Hosted Payment Page, which provides more real estate to merchants for branding and customization elements.
Key Benefits
Simple to integrate and fully mobile responsive.
Does not require users to handle or store any payment details, thereby lowering PCI compliance costs.
Provides access to a growing number of gateway features available via Hosted Checkout.
Hosted Checkout is a global offering with a variety of regional payment methods and support for a large number of languages.
You can use the theme offered by your payment service provider to display the Hosted Checkout interface. This allows the ability to leverage the branding of each your payment service provider.
Allows for content customization to display desired business information.
Notifications issued upon successful payments (notifications enabled through subscription)
The payment flow for the Hosted Checkout model is illustrated below.
The payer initiates the payment process for goods and services at your shop site. In response, your application submits a JavaScript request with the required data to the Suncorp Gateway to display the chosen payment interface: an Embedded Page or Hosted Payment Page.
The payer is presented with the payment interface. The display contents (like your business information and order details), as well as other aspects of the payment interface, are controlled by the data in your request.
The payer enters the required information, and clicks "Pay".
The Suncorp Gateway collects and verifies the payment details and processes the payment.
If you are configured for a browser payment service such as PayPal , or a digital wallet service, these services display as a payment option alongside other card options. If the payer chooses to pay using one of these services,the payer will be redirected to the service provider's website to select the payment details.
If you are configured for the 3-D Secure Service, by default your payer will be prompted to authenticate before performing the payment. You can choose to bypass the authentication, see Bypass Security Features.
If the payment is successful, the payer can obtain the payment details from one of these sources:
A Suncorp Gateway-hosted receipt (in the embedded page or on a hosted page). This is the default behavior.
Your shop site.
Email notifications. You must subscribe to payer notifications to implement this.
If the payment is unsuccessful, Hosted Checkout displays the result, allowing the payer to retry the transaction with different payment details.
Choose the Hosted Session model if you want control over the layout and styling of your payment page, while reducing PCI compliance costs. The Hosted Session JavaScript client library enables you to collect sensitive payment details from the payer in payment form fields, sourced from and controlled by Suncorp Gateway. The gateway collects the payment details in a payment session and temporarily stores them for later use. You can then include a payment session in place of payment details in the transaction request to process a payment.
Key Benefits
Hosted Session is simple and quick to integrate.
You do not need to collect, store, or process any sensitive payment details thereby lowering PCI-compliance costs.
You maintain control over the styles and layout of your payment page.
You can customize the payer experience to suit your business.
Information Flow
The payment flow for the Hosted Session model is illustrated below.
The payer initiates the payment process for goods and services at your shop site.
The payer can choose to provide payments details using a credit/debit card, digital wallet, gift card, or make an ACH payment.
Your payment page: Payment details are collected in form fields embedded in iFrames hosted by the Suncorp Gateway.
Digital wallet: Card details are securely collected from the wallet interaction and sent to the Suncorp Gateway.
The Suncorp Gateway collects the payments details in a payment session, which you can use in any operation referencing a session.
Batch Integration allows you to securely and reliably submit batches of operations (Captures, Refunds, etc) to the Suncorp Gateway for processing without direct payer interaction. For example, you can trigger authorizations using an online shopping cart and then perform captures using Batch Integration.
Once submitted, you can periodically request a batch status to determine the current state of the batch processing including a count of the total uploaded, processed, and erred operations as well as time and date stamps on processing actions. The same batch status is also visible to your payment service provider via the Batch Integration Status Search screen in Merchant Manager.
After a batch has completed processing, you can request a response file that contains the result of each of the uploaded operations.
Key Benefits
Processes multiple operations securely and efficiently — you are able to securely process multiple operations by submitting a batch rather than processing each operation individually.
Removes the need for installing a local application — you need not install an application on your system. This removes the cost of deploying, updating, and maintaining applications.
Removes PA-DSS compliance obligation — providers of payment applications to third parties must comply with Payment Application Data Security Standard (PA-DSS) requirements. Removing the need for an application installed on your system, removes the cost of meeting the PA-DSS compliance obligation.
Supports both small and large merchants — the feature supports the needs of both small merchants (who mainly require a solution that is easy to use and does not require integration), and large merchants (who want to efficiently process large transaction volumes).
Reduces PCI compliance costs when used with Tokenization — when used with Tokenization, you are able to realize the combined benefits of Tokenization and Batch Integration processing.
Information Flow
The information flow for Batch Integration is illustrated below:
Your integration aggregates payer operations into a batch and uploads the batch of operations using HTTPS PUT over the
Internet to
the Suncorp Gateway via the Suncorp GatewayBatch Integration service. See Creating a Batch Request.
You may choose to combine collected card details with details stored on a previously stored token.
See Multiple Sources of Card Details.
You may also pass additional fields in the Batch Request depending on your business need.
See Supported Features.
Before the batch is processed you will need to validate the batch contents by sending a Message Integrity Code (MIC) comprising of a SHA-1 digest of the batch contents so that any missing or corrupt records are detected. See Sending a Batch Request.
Once validated, each operation in the batch is processed.
During processing you can poll for the status of the batch to determine the number of records processed and the overall status. See Retrieving Batch Status.
Once the status indicates that the batch processing is complete you can request a batch response. The batch response includes the response values as specified in the original uploaded batch header. Downloading the Batch Response.