Re: Need recommendations on Credit Card processing please!!!

I just emailed a bud at a former place. They do about 1.5 mil a day in CC dollars. Stay tuned.

Re: Need recommendations on Credit Card processing please!!!

"It used to be ISD, but they were purchased by ACI Worldwide". Good luck.

Re: Need recommendations on Credit Card processing please!!!

Do your customers make repetitive payments, such as monthly payments, or is it more of a single payment business model?

Re: Need recommendations on Credit Card processing please!!!

It's much more of a single payment model; however, some customers may use us many times a month. For statement payments, that currently runs as a manual transaction PC side.

Re: Need recommendations on Credit Card processing please!!!

The reason I asked that is because of the hokeyness involved in processing transactions via a processor. If your processor can return tokens to you, you can greatly simplify and automate future payments for existing customers who are using the same CC card.

The issue lies with how most processors interface to you, while maintaining PCI compliance. This is almost always done though a redirect post to the processor's site, or an iframe. Both of these are browser based solutions. If you are e-commerce based, and generating sales and payments through a website, then it is much easier to automate a non-PCI compliant system and integrate it with a CC processor that handles the PCI compliance for you. This is because the customer is already on a browser, so it's rather easy to iframe or redirect post directly from the customer to the payment processor, without your company "seeing" that PCI data. The payment processor then redirects the customer's browser back to your system with the payment processing details, minus the CC info. If the redirect works, all is well. If it doesnt, then you need a way to query the processors system for that specific transaction in order to determine the payment status. While it may be completely automated, it is also prone to frequent failures, especially if the redirect does not work. Therefore, you have to have backup systems to query the payment processor to determine the outcome of transactions which were not reported back.

The process above can be completely eliminated for subsequent payments if the processor utilizes tokens. If you have a token on file for the customer, you can simply make a webservice or api call to the processor, and the processor will know which CC the token is for. That method would be completely automated and real time, and could reside totally within the /400. So, if you business model sees the same customer making multiple payments with the same CC, then I would want to ensure that the processor supports tokens. Not all of them do.


Also, not all payment processors are created equal. Payment processors are simply middlemen that inject another series of hardware, firewalls, and systems that could fail and impact your business. Furthermore, they themselves may partner with other middlemen such as "T-Gate" to send transactions back and forth to various banks, and that injects another company and hardware into the mix. Point being, with payment processors, you could have many different failure points that are completely out of your control. So I would recommend getting some referrals from other customers who are your size, in your timezone, and that processes similar payments over similar periods of time. (Which is what you are doing in this thread.) Also, check to see how willing the processor was to make modifications needed to automate the process as much as possible. In order to automate, you will likely need to send the processor some sort of unique transaction identifier, which the processor will need to send you back so you know how to post the payment. (Because the way the redirects work, the only way to know who the payment is for is from a unique identifier you have logged to your system before the payment was directed to the processor. ) You will also need to be able to call an api or webservice on the processors system, especially if the redirect fails. (And it will, sometimes way too often.)


I dont know anything about the two vendors listed, but would be interested in knowing any info about them as well.

Re: Need recommendations on Credit Card processing please!!!

Michael, thanks for the information.

Both these processors say they are using tokens as a transaction identifier, the way you are describing tokens doesn't sound the same as how they are. One of the problems I'm having in comparing any of these services is really knowing how much code adaptation will have to be done to work within our system. We have a LOT of old 36 code that is in our order entry system, AND we're executing PC commands, and...My mind spins just thinking about it. I know they're not going to commit themselves to anything without really get a look under our covers, but I still think this is going to be VERY daunting...

Re: Need recommendations on Credit Card processing please!!!

Larry ... I've been involved with and Used ISD (now ACI Worldwide) for quite some time. VERY good solution for the iSeries!

Integrated their service with our POS System easily. Outstanding support and routine updates for PCI Mandates, etc...
Have some contacts still there if you're interested.

Re: Need recommendations on Credit Card processing please!!!

Sure, Rick. Any information you can give me would be appreciated.

larry.davidson@unitedfabrics.com

Re: Need recommendations on Credit Card processing please!!!

Yea, that on the surface sounds more like a session id than a token. (At least, in the sense we are referring to.)

You are correct in being concerned with integration. Unless the vendor has specifically dealt with this platform, you'll have to determine how to bolt-on or invoke their hosted page from your green screen, and you might want to have a http cgi based server setup to receive a redirect for payment authorization and posting information. If the vendor has dealt with this platform, they can usually walk you through most of it easy enough. If they havent,, then they wont be much help.

Re: Need recommendations on Credit Card processing please!!!

There are definitely a couple of ways to approach this and get a good result on your side. You could do like we do here. We use crypto complete software (Hey Rick!) for storing the card and we then process it through RITA from Verifone. This makes you fully responsible for your PCI compliance and is a pain in the arse. OR!!!!!! You can use a Paypal style 3rd party software to do it like Stripe or Braintree. You would write the interface in PHP that can run on the IBM i and update your IBM i database with the Auth Tokens from the processor. Let them store the card number. It should only ever exist in program memory on your side. You'll be able to get instant approval/denial from them. Since you can call PHP from RPG and get a return value this is one way to go that keeps PCI out of your hair.

Re: Need recommendations on Credit Card processing please!!!

Crypto Complete .. Hmmm.. I've heard of that somewhere before!

Somehow, we missed this post. Curbstone is the solution for AS/400, iSeries IBM i-based systems. We support phone orders, EMV, and e-commerce, and can take your existing infrastructure COMPLETELY out of PCI scope. Our Remote Tokenization provides seamless native integration to your existing RPG apps. We support several major auth networks that are used by the majority of banks, so you can retain your merchant account. https://curbstone.com