After the Terminal call is sent, the customers are directed to the Payment Window. Here they chose their payment method.
You can choose between hosting the Payment Window yourself, or the Netaxept hosted Payment Window.
Netaxept hosted Payment Window
A main benefit of the payment window hosted by Netaxept is, that you don't need to process and store card data in your systems, which helps to minimize PCI DSS requirements for this part. Card data is stored in a safe and PCI certified environment at Nets and removed at the end of the life cycle according to PCI DSS requirements.
Netaxept provides many ways for you to customize both, the Payment Window’s look and feel and its functionality.
For using the Netaxept hosted payment window, the Register call’s service Type parameter must be set to B:
When implementing a payment window, we suggest that you avoid frames including iFrames, especially if your site is not HTTPS, for the following reasons:
- Decrease of sales since customers might be worried to pay over unencrypted channel (phishing suspected).
- Password-based 3D Secure ACS servers won’t work in a frame because of click-jack attack protection.
- Reloading of the page might lose the initial transaction source URL, forcing customer to prepare an order again (for example, might be a problem when selling tickets with reserved seats).
Instead of using frames, we strongly encourage you to use our terminal design templates that will handle any form of formatting that might be needed, making the payment window indistinguishable from any other page in your website.
Merchant hosted Payment Window
Instead of using Netaxept hosted payment window, you can also use your own hosted payment window. In that case, no redirect to Netaxept payment window will happen and you will have a complete control of the layout of the payment window.
However, it should be noted that merchant hosted payment window is only supported for card payments. Any card data is transmitted within your systems so you need to implement your solution according to all PCI DSS requirements.