Form Tips
Form Actions
Java Validation
Validation Sample
Contact Support
Multipart Secure Forms Hosting by SSNet, Inc.
OVERVIEW
SSNet, Inc., has been assisting online merchants and others for over 6 years by offering secure (SSL) order form hosting to those who do not have this service available from their own web hosting service.
This document is for the use of our advanced Gateway Database forms hosting service - where the form results must be accessed via our secure server. If you have signed up for our Standard Forms Hosting, please see that version of this document.
We now offer 3 types of secure forms hosting (the remainder of this document covers the third and newest option):
Standard - your form itself is hosted on our secure server. When a user clicks on the links on your site for ordering, they are immediately transferred to our secure server. The disadvantages of this system are that because graphics slow down secure servers, you are restricted to not using any type of graphics on your form. Secondarily, for security reasons, you do not have direct access to modify your form. You must modify on your end and send to us to upload to our secure server. The results from these forms are emailed directly to you.
Gateway Database Hosting - Exactly the same as the Standard service except you are only notified by Email when a new order is placed. You must then securely log onto our server to retrieve the complete order data.
Multipart Secure Forms Hosting - This new, unique service works with either the Standard or Gateway Database method of delivering form results to you. HOWEVER, the major difference is that it allows you to design and maintain your forms in any manner desired (yes, you can load them with graphics if desired) and to keep that basic form on your own website. Your base form will contain all the fields necessary for your customers to order your product/service, the types of credit cards you accept - everything EXCEPT fields for their Credit Card Number, Expiration Date, Cardholder's Name and additional Credit Card data if you select a form with higher fraud protection. In other words, your base form should contain the fields for your products, the customer's data and shipping data and the like - everything except credit card data.
The "Continue to Payment Data" submit button on your base form actually launches a secure (SSL) window displaying the credit card data for your customer to provide. In the background, all the fields from your base form are transferred to the new payment data form as hidden (non-displayed) form fields. When the user clicks on the Submit button, ALL the form data is processed using either the Standard or Gateway Database system.
While the below may seem complicated at first glance, it really is not - especially if you have a modest amount of HTML experience. Basically, you simply take your existing order form (or create a new one) and remove all the form fields that may ask for the customer's credit card data (see examples below). Then you replace the the <FORM ACTION=> fields with the one below and set a few options. We also HIGHLY recommend that you add browser-side, java script form field validation to make sure the data your customers provide is what you need.
If you are new to designing forms, or if you use a HTML editor such as FrontPage or others that automatically create forms, you should review our short Hints and Tips of Form Design page.
FORM ACTION FIELDS TO USE ON YOUR FORM
Below is a sample of the <FORM ACTION=> fields you will use on your form:
<FORM NAME="input" ACTION="https://www.securedgateway.net/formhosting/paymentonly/multipartrefer.cgi" METHOD="POST">
<INPUT TYPE='hidden' NAME='nextpage' VALUE='gworderteal3.htm'>
<INPUT TYPE='hidden' NAME='user' VALUE='YourGatewayUserName'>
<INPUT TYPE='hidden' NAME='recipient' VALUE='orders@YourDomain.Com'>
<INPUT TYPE='hidden' NAME='redirect' VALUE='http://yourdomain.com/'>
<INPUT TYPE='hidden' NAME='subject' VALUE='Online Order Received'>
<INPUT TYPE='hidden' NAME='title' VALUE='Secure Submission Confirmation'>
<INPUT TYPE='hidden' NAME='hcolor' VALUE='3FA3B1'>
<INPUT TYPE='hidden' NAME='htexcolor' VALUE='ffffff'>
<INPUT TYPE='hidden' NAME='currency' VALUE='US Dollar'>
<INPUT TYPE='hidden' NAME='mimeoff' VALUE='1'>
<INPUT TYPE='hidden' NAME='invoice_number' VALUE='Invoice Number'>
<INPUT TYPE='hidden' NAME='gateway_text_two' VALUE='Thank-you for your Order, as detailed below. If you have any queries, or you think the order may be wrong, press REPLY on your e-mail program. All sensitive data such as account information has been removed from this message.'>
<INPUT TYPE='hidden' NAME='gateway_text_three' VALUE='On-Line Order received, as detailed below. Press REPLY on your e-mail program to send a message back to the customer. Go to the <A HREF="http://softwaresolutions.net/gateway2/">Secure Gateway</A> using your username and password to retrieve the complete order. All sensitive data has been removed from this message.'>
PLEASE NOTE: The standard method of inclosing the values above is with the double qoute marks ( " " ) - however, since this particular system is script driven, and all the 'hidden' fields are sent through for processing, it is imperative that the single qoute ( ' ) be maintained as shown above.
An explanation of the Form Action fields used on your form. You may try to copy and paste the fields directly from this page, but we recommend you launch the formaction.txt file and copy from there.
<FORM NAME="input" ACTION="https://www.securedgateway.net/formhosting/paymentonly/multipartrefer.cgi" METHOD="POST">
The above is the call to our server to pass the form data to the payment screen. The NAME="input" is for the java script form field validation if you use it - we HIGHLY recommended that you do. The above call will open our payment data screen directly into the same browser window from which it was called. The Disadvantage to this is the address line of the browser will show that the secure form is actually on own server and not your own. Also, if you use Frames on your site - you DO NOT want to call a secure form into a non-secure frameset as the browser will not indicate that the form is secure.
If you do wish to call our form into the same browser window, you may use the return link and page title fields below to put a link on the HTML receipt generated by our system so your guest may easily return to whatever page you wish.
HOWEVER, we usually recommend that you call the secure payment form into a special new browser window. This small, new window does not show the address line. Therefore, the user has no idea that the payment form is not actually on your site. Additionally, this leaves your site open in the "Mother" or original browser window. You can see how this works by clicking here. If you wish to use this method, replace the line of code above with this one:
<FORM NAME="input" ACTION="https://www.securedgateway.net/formhosting/paymentonly/multipartrefer.cgi" METHOD="POST"
Target=newWnd onSubmit="window.open('', 'newWnd', 'width=530,toolbar=no,menubar=yes,location=no,resizeable=1,scrollbars=yes,status=yes')">
<INPUT TYPE='hidden' NAME='nextpage' VALUE='gworderteal3.htm'>
The above tells our system which credit card payment page you wish to use (what level of fraud protection and color scheme). See the samples below and use the desired filename. You will need to modify the VALUE='' to the desired file name.
<INPUT TYPE='hidden' NAME='user' VALUE='YourGatewayUserName'>
You can NOT access our Gateway Database system unless you have been issued the appropriate UserName to do so. You need to modify the VALUE='' in this line to reflect the exact UserName we issued you.
<INPUT TYPE='hidden' NAME='recipient' VALUE='orders@YourDomain.Com'>
The above is the Email address where you want the form results to go. You can enter more than one by separating each address with a comma - but no spaces. You must alter the VALUE='' to the desired address.
<INPUT TYPE='hidden' NAME='subject' VALUE='Online Order Received'>
The above is the subject line of the form results Email that is sent to you. You may modify the VALUE='' to any desired subject.
<INPUT TYPE='hidden' NAME='title' VALUE='Secure Submission Confirmation'>
The above controls the page title and main heading title of the HTML receipt that is automatically generated for the user by our system. You may change the VALUE='' if desired.
<INPUT TYPE="hidden" NAME="hcolor" VALUE="#00CCCC">
The above controls the Background color of the Table Header on the HTML receipt page. Please see the table of colors used on our standard forms and suggested VALUE='' for this field. Depending on what color scheme payment form you use, you will probably have to modify the VALUE=''.
<INPUT TYPE="hidden" NAME="htextcolor" VALUE="#000000">
The above controls the Text color of the 'title' text that appears in the Table Header. Please see the table of colors below used on our standard forms and suggested VALUE='' for this field. Depending on what color scheme payment form you use, you will probably have to modify the VALUE=''.
Please Note: Many of the other colors (page background, table background, text colors and such) that appear on the instant HTML receipt generated by the Gateway are set directly through your control panel on the Gateway.
<INPUT TYPE='hidden' NAME='currency' VALUE='US Dollar'>
Our Gateway script can display dollar amount in various currencies. US Dollars is the default. Contact us if you wish to change that value.
<INPUT TYPE='hidden' NAME='mimeoff' VALUE='1'>
Our Gateway script also automatically sends a copy of the order back to the customer via Email (minus any sensitive data such as Credit Card information). The code above tells the system whether to send that data as an HTML file (almost identical to the instant version that appears in the customer's browser after they submit an order), or to send the order data as plain text in the body of the Email message. The VALUE='1' is text, a value of '0' will send the HTML version.
<INPUT TYPE='hidden' NAME='invoice_number' VALUE='Invoice Number'>
Every order is given an incremental number. What this number is called - i.e., Invoice Number, Sales Number, Reservation Number - is controlled by the VALUE='' above. This value will appear in the form results and in the customer receipts.
<INPUT TYPE='hidden' NAME='gateway_text_two' VALUE='Thank-you for your Order, as detailed below. If you have any queries, or you think the order may be wrong, press REPLY on your e-mail program. All sensitive data such as account information has been removed from this message.'>
The above is the text that will appear at the head of the Emailed receipt your customer will automatically receive after placing an order. The receipt will have the "Reply To" address of whatever Email address you put in the 'recepient' value. You may change the text in the VALUE='' as desired.
<INPUT TYPE='hidden' NAME='gateway_text_three' VALUE='On-Line Order received, as detailed below. Press REPLY on your e-mail program to send a message back to the customer. Go to the <A HREF="http://softwaresolutions.net/gateway2/">Secure Gateway</A> using your username and password to retrieve the complete order. All sensitive data has been removed from this message.'>
The above is the text that will appear in the Email notification of a new order that is sent to you (the 'recepient'). We suggest you leave this text as is because it has a direct link in it to the Gateway so you may log in and retrieve the complete order.
YOUR FORM GOES HERE. ALL CREDIT CARD PAYMENT DATA - CARD NUMBER, NAME ON CARD, EXPIRATION DATE AND SUCH WILL BE ON OUR SECURE FORM -- YOUR FORM SHOULD CONTAIN ALL OTHER FIELDS DESIRED
<INPUT TYPE="submit" value="Continue to Payment Data">
The above is the suggested code for the "Submit" button on your form. Since this is a two-part process, we prefer to use the "Continue to Payment Data" and the text that appears on the button. Many form editors automatically add NAME="Submit" to this line of code. You will want to remove that or it will appear in the results of the form.
COLORS AND FRAUD PREVENTION
We offer our payment forms in many color schemes and with 3 levels of credit card fraud protection. Additionally, we use advanced form field validation on every field of our payment forms. Each field on each type of payment form is not only required, but each field has the additional requirements:
Card Number: Only numbers and spaces are allowed for a credit card number and the total for digits and spaces should be between 15 and 19 characters.
Expires (Mon/Yr): Both the Expiration Month and Year MUST be selected from the drop-down boxes.
Cardholder's Name: Only letters, spaces, periods and commas are allowed in the cardholder's name and it must be between 3 and 50 characters.
Name of Issuing Bank: Only alphanumeric, the - and the , are allowed in Issuing Bank Name and it must be between 3 and 40 characters.
Customer Service Phone: Only numbers, spaces, dashes or ( ) are allowed for the Issuing Bank Phone Number and the total for digits and spaces should be between 10 and 14 characters.
CVN Number: Only 3 (Visa and non-AMEX) or 4 (AMEX) digits are allowed in the CVN number.
No Fraud Protection - This form simply asks for the credit card number, expiration data and the cardholder's name. For online credit card fraudsters, this type of form is easy prey because all the above data can be found on old receipts, etc.
Medium Fraud Protection - This form asks for the credit card number, expiration data and the cardholder's name along with the Name of the issuing bank (First Card, Chase, etc) and the customer service phone number found on the back of the card. For online credit card fraudsters, this type of form is much more difficult because all the above data can NOT be found on old receipts, etc. However, their our online tools available to fraudsters that can supply the additional data of the card number and expiration date are known.
|