Authorize.Net Advanced Merchant Integration Setup ================================================= Last Revised, 2003-1-30 CyberOffice Shopping Cart full version, up-to-date software can be downloaded from ========================= ftp://ftp.smartwin.net/cybershop.exe. Run the setup program and follow the instructions to properly configure the system to a working stage. Then use this document to set up and configure the payment gateway interface to Authorize.Net. 1) Find the payment.asp and authorize.asp files under the shopping_cart folder; 2) Modify the payment.asp file to include the authorize.asp file: a) Find the line containing <%Call CreateMyObject %> b) Insert the line after it 3) Under Shop Manager -> Global / System Settings: a) Select Authorize.Net as the Credit Card Processing Agent; b) Enable Real-Time. 4) In the Authorization Parameters box, enter a) Auth_URL=payment.asp;x_Version=3.1; b) x_Login=your_authorize_API_Login_id; c) x_Password=your_authorize_net_password; (Do not set this when the transaction key is set); d) x_Tran_Key=your_authorize_net_transaction_key; (if the password is not set) e) Other optional parameters (refer to Authorize.Net Manual). Obtaining Your Authorize.Net API Login ID and Transaction Key ============================================================= a) Log into the Merchant Interface at https://secure.authorize.net/ a.1) The direct link is https://account.authorize.net/ui/themes/anet/User/TransactionKey.aspx b) In the main menu, click Account. c) Click API Login ID and Transaction Key in the Security Settings section. d) Enter the Secret Answer to the Secret Question you configured when you activated your Authorize.Net Payment Gateway account. Click Submit. The API Login ID and Transaction Key generated for your payment gateway account appear. Be sure to securely record and provide these values to us for your account integration. Enhanced Security and Encryption Measurement ============================================ 5) All databases must be hidden from the Web site. They are recommended to reside on a different server (such as a dedicated computer running MS SQL server. However that is not always plausible, depending on the hosting environment). 6) All shopping cart pages that collect customer information must be placed under an SSL site. Contact your Web host to arrange and install an SSL certificate on the server. 7) On the view_cart.asp page, update the link to checkout.asp page and point it to the same page, but under the SSL site. Typically, this will be https://yoursite/shopping_cart/checkout.asp?.... 8) As soon as the Site goes live, Access to the Shop Manager must be carried under the SSL site. 9) Under Shop Manager -> Global / System Settings, a) Enter the registration key issued by SmartWin Technology; b) Under the Security Measures section, check Encrypt credit card fields and passwords on the database c) Update the Settings to the system. Enhanced Encryption Alogorithm and Coverage =========================================== When step 9) is applied, an instance dependent encryption key will be generated. It triggers a built-in security measure, using the industrial standard Triple-DES encryption algorithm. The encryption itself is implemented using Microsoft Enhanced Cryptographic Provider. 10) Under the enhanced security measure: a) Passwords to the Shop Manager are encrypted. Only a proper login to the Shop Manager can view encrypted data on the database. Namely, even if the database or the Web server itself was hacked, the encrypted information would not be available to the hacker; b) All data in the Authorization Parameters box will be stored encrypted in the database, this includes the transaction key and/or the Authorize.Net account password. c) Sensitive Customer Information, including Card Number, Exp Month, Exp Year, Card Code, Bank Account Number, Customer Tax ID, Drivers' License Number will be encrypted as the order is lodged. d) The system can be customized to encrypt any other data on demand. Any questions, please contact us at support@smartwin.com.au or +61-3-9568-2565. Support Team SmartWin Technology http://www.smartwin.net