Instructions
Form Tips
Form Actions
Java Validation
Validation Sample
Contact Support

Multipart Secure Forms Hosting by SSNet, Inc.

OVERVIEW

SSNet, Inc., has been assisting online merchants and others for over 6 years by offering secure (SSL) order form hosting to those who do not have this service available from their own web hosting service.

This document is for the use of our standard forms hosting service - where the form results are Emailed directly to you. If you have signed up for our advanced Gateway Database Hosting, please see that version of this document.

We now offer 3 types of secure forms hosting (the remainder of this document covers the third and newest option):

Standard - your form itself is hosted on our secure server. When a user clicks on the links on your site for ordering, they are immediately transferred to our secure server. The disadvantages of this system are that because graphics slow down secure servers, you are restricted to not using any type of graphics on your form. Secondarily, for security reasons, you do not have direct access to modify your form. You must modify on your end and send to us to upload to our secure server. The results from these forms are emailed directly to you.

Gateway Database Hosting - Exactly the same as the Standard service except you are only notified by Email when a new order is placed. You must then securely log onto our server to retrieve the complete order data.

Multipart Secure Forms Hosting - This new, unique service works with either the Standard or Gateway Database method of delivering form results to you. HOWEVER, the major difference is that it allows you to design and maintain your forms in any manner desired (yes, you can load them with graphics if desired) and to keep that basic form on your own website. Your base form will contain all the fields necessary for your customers to order your product/service, the types of credit cards you accept - everything EXCEPT fields for their Credit Card Number, Expiration Date, Cardholder's Name and additional Credit Card data if you select a form with higher fraud protection. In other words, your base form should contain the fields for your products, the customer's data and shipping data and the like - everything except credit card data.

The "Continue to Payment Data" submit button on your base form actually launches a secure (SSL) window displaying the credit card data for your customer to provide. In the background, all the fields from your base form are transferred to the new payment data form as hidden (non-displayed) form fields. When the user clicks on the Submit button, ALL the form data is processed using either the Standard or Gateway Database system.

While the below may seem complicated at first glance, it really is not - especially if you have a modest amount of HTML experience. Basically, you simply take your existing order form (or create a new one) and remove all the form fields that may ask for the customer's credit card data (see examples below). Then you replace the the <FORM ACTION=> fields with the one below and set a few options. We also HIGHLY recommend that you add browser-side, java script form field validation to make sure the data your customers provide is what you need.

If you are new to designing forms, or if you use a HTML editor such as FrontPage or others that automatically create forms, you should review our short Hints and Tips of Form Design page.

FORM ACTION FIELDS TO USE ON YOUR FORM

Below is a sample of the <FORM ACTION=> fields you will use on your form:

<FORM NAME="input" ACTION="https://www.securedgateway.net/formhosting/paymentonly/multipartrefer.cgi" METHOD="POST">
<INPUT TYPE="hidden" NAME="nextpage" VALUE="ccorderteal3.htm">
<INPUT TYPE="hidden" NAME="recipient" VALUE="orders@YourDomain.com">
<INPUT TYPE="hidden" NAME="subject" VALUE="Online Credit Card Order">
<INPUT TYPE="hidden" NAME="required" VALUE="email">
<INPUT TYPE="hidden" NAME="sort" VALUE="">
<INPUT TYPE="hidden" NAME="title" VALUE="Secure Submission Confirmation">
<INPUT TYPE="hidden" NAME="bgcolor" VALUE="#00CCCC">
<INPUT TYPE="hidden" NAME="text_color" VALUE="#000000">
<INPUT TYPE="hidden" NAME="return_link_url" VALUE="http://YourDomain.com/">
<INPUT TYPE="hidden" NAME="return_link_title" VALUE="Home Page">

An explanation of the Form Action fields used on your form. You may try to copy and paste the fields directly from this page, but we recommend you launch the formaction.txt file and copy from there.

<FORM NAME="input" ACTION="https://www.securedgateway.net/formhosting/paymentonly/multipartrefer.cgi" METHOD="POST">

The above is the call to our server to pass the form data to the payment screen. The NAME="input" is for the java script form field validation if you use it - we HIGHLY recommended that you do. The above call will open our payment data screen directly into the same browser window from which it was called. The Disadvantage to this is the address line of the browser will show that the secure form is actually on own server and not your own. Also, if you use Frames on your site - you DO NOT want to call a secure form into a non-secure frameset as the browser will not indicate that the form is secure.

If you do wish to call our form into the same browser window, you may use the return link and page title fields below to put a link on the HTML receipt generated by our system so your guest may easily return to whatever page you wish.

HOWEVER, we usually recommend that you call the secure payment form into a special new browser window. This small, new window does not show the address line. Therefore, the user has no idea that the payment form is not actually on your site. Additionally, this leaves your site open in the "Mother" or original browser window. You can see how this works by clicking here. If you wish to use this method, replace the line of code above with this one:

<FORM NAME="input" ACTION="https://www.securedgateway.net/formhosting/paymentonly/multipartrefer.cgi" METHOD="POST"
Target=newWnd onSubmit="window.open('', 'newWnd', 'width=530,toolbar=no,menubar=yes,location=no,resizeable=1,scrollbars=yes,status=yes')">

<INPUT TYPE="hidden" NAME="nextpage" VALUE="ccorderteal3.htm">

The above tells our system which credit card payment page you wish to use (what level of fraud protection and color scheme). See the samples below and use the desired filename. You will need to modify the VALUE="" to the desired file name.

<INPUT TYPE="hidden" NAME="recipient" VALUE="sales@YourDomain.Com">

The above is the Email address where you want the form results to go. You can enter more than one by separating each address with a comma - but no spaces. You must alter the VALUE="" to the desired address.

<INPUT TYPE="hidden" NAME="subject" VALUE="Online Credit Card Order">

The above is the subject line of the form results Email that is sent to you. You may modify the VALUE="" to any desired subject.

<INPUT TYPE="hidden" NAME="required" VALUE="">

This uses a server-side field validation system. It IS NOT recommended - we HIGHLY recommend you use browser-side java validation. However, the server-side option is available. To use, simply place the names of all the form fields that are required on your form - exactly as they appear in the NAME="" of each form field. Multiple field names need to be separated by a comma - but no spaces.

<INPUT TYPE="hidden" NAME="sort" VALUE="">

The above is used if there is a specific order that you wish your form fields to appear in the results. Normally, the fields will appear in the exact order they appear (top to bottom in the HTML code) on the form webpage. However, there may be situations where you want the fields sorted in a different order. To use this option, you enter in all the form fields in the order you wish them to appear - separated by commas with no spaces. Depending on which of our payment forms you use, our fields will have to be included. Please contact us if you wish to use this option or view the HTML of the payment form to see the proper field names.

<INPUT TYPE="hidden" NAME="title" VALUE="Secure Submission Confirmation">

The above controls the page title and main heading title of the HTML receipt that is automatically generated for the user by our system. You may change the VALUE="" if desired.

<INPUT TYPE="hidden" NAME="bgcolor" VALUE="#00CCCC">

The above controls the Background color of the HTML receipt page. Please see the table of colors used on our standard forms and suggested VALUE="" for this field. Depending on what color scheme payment form you use, you will probably have to modify the VALUE="".

<INPUT TYPE="hidden" NAME="text_color" VALUE="#000000">

The above controls the Text color of the HTML receipt page. Please see the table of colors below used on our standard forms and suggested VALUE="" for this field. Depending on what color scheme payment form you use, you will probably have to modify the VALUE="".

<INPUT TYPE="hidden" NAME="return_link_url" VALUE="http://mydomain.com/index.htm">

The above should only contain a Value (something within the "" of the VALUE="") if you decide to launch our payment form into the same browser window as you form. If so, put the full URL of the page you wish to show as a link on the bottom of the HTML receipt that is produced by our system. Please review the section above on the FORM NAME="input" ACTION="https: line of code before deciding to call our form into the same, or a new, special window.

<INPUT TYPE="hidden" NAME="return_link_title" VALUE="Home Page">

The above should only contain a Value (something with the "" of the VALUE="") if you decide to launch our payment form into the same browser window as you form. If so, put the text that you wish to show as a link on the bottom of the HTML receipt that is produced by our system. Please review the section above on the FORM NAME="input" ACTION="https: line of code before deciding to call our form into the same, or a new, special window.

YOUR FORM GOES HERE. ALL CREDIT CARD PAYMENT DATA - CARD NUMBER, NAME ON CARD, EXPIRATION DATE AND SUCH WILL BE ON OUR SECURE FORM -- YOUR FORM SHOULD CONTAIN ALL OTHER FIELDS DESIRED

<INPUT TYPE="submit" value="Continue to Payment Data">

The above is the suggested code for the "Submit" button on your form. Since this is a two-part process, we prefer to use the "Continue to Payment Data" and the text that appears on the button. Many form editors automatically add NAME="Submit" to this line of code. You will want to remove that or it will appear in the results of the form.

COLORS AND FRAUD PREVENTION

We offer our payment forms in many color schemes and with 3 levels of credit card fraud protection. Additionally, we use advanced form field validation on every field of our payment forms. Each field on each type of payment form is not only required, but each field has the additional requirements:

Card Number: Only numbers and spaces are allowed for a credit card number and the total for digits and spaces should be between 15 and 19 characters.
Expires (Mon/Yr): Both the Expiration Month and Year MUST be selected from the drop-down boxes.
Cardholder's Name: Only letters, spaces, periods and commas are allowed in the cardholder's name and it must be between 3 and 50 characters.
Name of Issuing Bank: Only alphanumeric, the - and the , are allowed in Issuing Bank Name and it must be between 3 and 40 characters.
Customer Service Phone: Only numbers, spaces, dashes or ( ) are allowed for the Issuing Bank Phone Number and the total for digits and spaces should be between 10 and 14 characters.
CVN Number: Only 3 (Visa and non-AMEX) or 4 (AMEX) digits are allowed in the CVN number.

No Fraud Protection - This form simply asks for the credit card number, expiration data and the cardholder's name. For online credit card fraudsters, this type of form is easy prey because all the above data can be found on old receipts, etc.

Secure Payment Data

Credit Card Data
Card Number (1234 2345 1234 1234)
Expires
Cardholder's Name
(To whom is the card issued)
Available Files for "nextpage" value: ccorderblack.htm | ccorderblue.htm | ccordertan.htm | ccorderteal.htm

Medium Fraud Protection - This form asks for the credit card number, expiration data and the cardholder's name along with the Name of the issuing bank (First Card, Chase, etc) and the customer service phone number found on the back of the card. For online credit card fraudsters, this type of form is much more difficult because all the above data can NOT be found on old receipts, etc. However, their our online tools available to fraudsters that can supply the additional data of the card number and expiration date are known.

Secure Payment Data

Credit Card Data
Card Number (1234 2345 1234 1234)
Expires
Cardholder's Name
(To whom is the card issued)
Name of Issuing Bank
(FirstCard, Chase, Amex, Discover)
Customer Service Phone Number
(Found on the back of your card)
Available Files for "nextpage" value: ccorderblack2.htm | ccorderblue2.htm | ccordertan2.htm | ccorderteal2.htm

High Fraud Protection - In addition to all the fields of the form above, this form also requires the CVN number of the card. This number can only be found on the card itself - it is not tranferred to any receipts. While you may not have the proper transaction processing equipment or service to verify the CVN number - a potential fraudster does not know this - but they do know the CVN number is unique and must match the card.

Secure Payment Data

Credit Card Data
Card Number (1234 2345 1234 1234)
Expires
Cardholder's Name
(To whom is the card issued)
Name of Issuing Bank
(FirstCard, Chase, Amex, Discover)
Customer Service Phone Number
(Found on the back of your card)
3 or 4 Digit CVN Number
(What is that?)
Available Files for "nextpage" value: ccorderblack3.htm | ccorderblue3.htm | ccordertan3.htm | ccorderteal3.htm

Very High Fraud Protection - If you have experienced or are worried about the damage online credit card fraud can do to your business, SSNet, Inc. is also the parent company of AntiFraud.Com. Antifraud.Com offers its members a variety of tools that significantly reduce online credit card fraud committed against your company. This is a separate service that can be easily integrated into all of our hosting services.

Color Schemes used on our order payment forms:
Scheme BackGround Color Table Text 1 Table Cell 2 Table Cell 3 Table Cell 4
TEAL
HTML Value #FFFFFF #000000 #438787 #00CCCC #00FFFF
TAN
HTML Value #EADBB9 #5A471B #B08B35 #D9BE82 #C9AC72
BLACK
HTML Value #000000 #000000 #9A9A9A #E1E1E1 #FFFFFF
Blue
HTML Value #89c7f3 #FFFFFF #2884df #0080ff #6F99FB
Recommended Colors for hidden input fields found in Form Action fields:

TEAL:
INPUT TYPE="hidden" NAME="bgcolor" VALUE="#438787"
INPUT TYPE="hidden" NAME="text_color" VALUE="#000000"

TAN:
INPUT TYPE="hidden" NAME="bgcolor" VALUE="#EADBB9"
INPUT TYPE="hidden" NAME="text_color" VALUE="#5A471B"

BLACK:
INPUT TYPE="hidden" NAME="bgcolor" VALUE="#9A9A9A"
INPUT TYPE="hidden" NAME="text_color" VALUE="#000000"

BLUE:
INPUT TYPE="hidden" NAME="bgcolor" VALUE="#89c7f3"
INPUT TYPE="hidden" NAME="text_color" VALUE="#2884df"

NOTE: If you wish us to custom code the payment form to exactly match the colors of your site, this can be done for a nominal fee. Please contact us via our Contact Formand ask for details.

Finally, once you have you form setup and online, you MUST provide us with the full URL (i.e., mydomain.com/forms/order.htm) so we can add the URL to our database of pages allowed to access our system. You will get an error message from our system if the exact URL to your form is not in our database. Please send us the URL via our Contact Form.

SUMMARY

Again, while all the above, and the supplemental Hints and Tips of Form Design and Java Script Form Validation files may seem terribly complicated, it really isn't. Below are the simple steps needed to use our system with your form:

1. Review this document and the supplemental documents as needed.

2. Design a new form or modify your existing form as described in detail above by:
a. Insert or replace your current Form Action= fields with the fields from the formaction.txt file.
b. Modify the desired Value="" values in the new Form Action fields as described above.
c. Insert the necessary code for java script validation for your form - see Java Script Form Validation.

3. Notify us of the exact URL where your form will reside so we can add it to our authorized users.

NOTES:

The field on your form where you ask for the customer's Email address MUST be named "email" - i.e., INPUT TYPE="text" NAME="email" - Email, E-mail or anything other than - email - will not work.

Your form must also contain a field or explanation of which credit cards you accept. This data is not on our payment form.

Also, since your base form will be on your website and will NOT be secure, but the form that asks for credit card data IS secure, you may wish to put something to the following at the top of your form so your customer's know their sensitive data is being securely submitted:

"Please Note: This is a two part form. Please provide your ordering and shipping information on this non-secure page. You will then be automatically transferred to our Secure (SSL) server to provide your credit card number and related data."

All Material Copyright by SSNet, Inc.