Transparent Redirect allows your organization to process credit card information on your website without ever passing credit cards through your server. This allows you to conduct business on your own website while in compliance with PCI regulations.
How It Works
Your webpage acts only as a form to collect payment information. When the user clicks 'submit', the data is posted directly to Paperless Transactions, bypassing a post back to your server. The user is then immediately redirected to a success or failure page located on your website. If all posted data was valid, a profile number is included in the returning form post. With this profile number, your organization may charge, refund, and perform all other necessary transactions using the Back Office API or Virtual Terminal without ever being exposed to sensitive credit card information.
The most significant security risk is that, because the form posts directly from the user's browser, a savvy user can view and even manipulate form data before it is posted to Paperless Transactions. For this reason, several security precautions are put in place:
- Credentials for your organization are not included in the post data. Instead, your organization is assigned a unique URL that is set up to accept posts only from your website.
- All posts are validated to confirm they were transmitted over SSL.
- Fields at risk of user manipulation can be set up as Hash Required. When this requirement exists, a second field is validated for a hash value. The hash can only be generated from the clear-text value and a secret "salt" value known only to your organization and Paperless Transactions. If the hash value passed does not match the hash computed, the entire post will fail.
- Transactions can only be posted in 'Test Mode' if your organization is set up to allow test transactions.
- Each transaction must contain a unique PostID that cannot be used a second time.
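The Hash Required and unique-PostID rules above are the two checks a merchant can reason about in code. The following Python is an added example, not Paperless Transactions' own code or their documented algorithm: it assumes HMAC-SHA256 keyed with the shared salt as the hash construction, assumes the field names Amount, AmountHash and PostID, and uses an in-memory set for already-seen PostIDs. The merchant side computes the hash on its own server (where the salt lives) and embeds it in the form; the receiving side recomputes the hash from the posted clear-text value and rejects any mismatch or reused PostID.

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Assumption: the secret "salt" shared between the merchant and the gateway.
# This is a constructed sample value; the real one is issued out of band and
# must never appear in the form or in any client-side code.
SHARED_SALT = "example-salt-not-a-real-secret"

# Assumption: which fields are Hash Required and where their hash is posted.
HASH_REQUIRED = {"Amount": "AmountHash"}


def make_field_hash(value: str, salt: str = SHARED_SALT) -> str:
    """Merchant server side: derive the hash embedded next to a protected field.
    HMAC-SHA256 over the clear-text value is an assumed stand-in for the
    provider's real scheme; what matters is that it needs the salt."""
    return hmac.new(salt.encode(), value.encode(), hashlib.sha256).hexdigest()


def verify_field_hash(value: str, presented: str, salt: str = SHARED_SALT) -> bool:
    """Receiving side: recompute from the posted clear text and compare in
    constant time, so a tampered value (or a blanked hash field) fails."""
    expected = make_field_hash(value, salt)
    return hmac.compare_digest(expected, presented)


class PostIdRegistry:
    """Tracks PostIDs already accepted so a replayed form post is rejected.
    In-memory for the example; a real deployment would persist this."""

    def __init__(self) -> None:
        self._seen = set()

    def claim(self, post_id: str) -> bool:
        """Return True the first time a non-empty PostID is seen, False after."""
        if not post_id or post_id in self._seen:
            return False
        self._seen.add(post_id)
        return True


def build_form_fields(amount: str, post_id: str) -> Dict[str, str]:
    """Merchant side: the hidden fields rendered into the payment form.
    Card data is typed by the user and is never seen by the merchant server."""
    return {
        "Amount": amount,
        "AmountHash": make_field_hash(amount),
        "PostID": post_id,
    }


def validate_post(fields: Dict[str, str],
                  registry: PostIdRegistry,
                  salt: str = SHARED_SALT) -> Tuple[bool, str]:
    """Receiving side: apply the hash check to every Hash Required field
    present, then enforce PostID uniqueness. Any failure rejects the post."""
    for field, hash_field in HASH_REQUIRED.items():
        if field in fields:
            if not verify_field_hash(fields[field], fields.get(hash_field, ""), salt):
                return False, f"hash mismatch on {field}"
    if not registry.claim(fields.get("PostID", "")):
        return False, "duplicate or missing PostID"
    return True, "accepted"


if __name__ == "__main__":
    registry = PostIdRegistry()

    # Honest post: hash matches, PostID fresh.
    good = build_form_fields("100.00", "post-0001")
    print(validate_post(good, registry))            # (True, 'accepted')

    # Same post submitted again: PostID already used.
    print(validate_post(good, registry))            # (False, 'duplicate or missing PostID')

    # Amount edited in the browser; the salt is unknown, so the hash is stale.
    edited = build_form_fields("100.00", "post-0002")
    edited["Amount"] = "1.00"
    print(validate_post(edited, registry))          # (False, 'hash mismatch on Amount')
```

The order of checks matters: the hash is verified before the PostID is claimed, so a rejected post does not burn its PostID, while an accepted one can never be replayed.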