Refresh issue with Stripe 3DS, approval via a banking app on the same mobile device - browser

A small number of users have the following UX on their phones:
submit their card details
get a notification from their bank, tap that and get taken to the banking app to approve
return to the browser, page refresh happens automatically, Stripe 3D2 iframe and card details lost, start again.
How do we stop the page refresh when the user switches back from another app?
I've advised the user to make the payment on another device and keep the phone free for the bank approval only

Related

Can I integrate getstream.io notification services in Drupal 8 site? If no then any other way to use the notification services in Drupal 8 site?

I need to add push notification in my web site
If a user has made payment for something... we show them alert in their account page on the website that you are now successfully connected to this community
If a user has done payment by check... we clear the payments by check through a cron job... once the job runs and payment is cleared... we show a notification to user whenever they log in saying that their check payment is cleared
A user sends a request to connect to an organisation... that organisation's admin should get an alert in their system saying that so and so person is pending approval from you.
Something similar to alerts that we get in our net banking might be... that your credit card payment is pending... something like that
Like we also get notifications on Facebook... the difference will be that instead of notifications we want to show alerts or messages directly displayed in their account
So, you want notifications in your system about payments.
In its simplest form, you could do it manually with emails, and/or popups in your application, that are loaded from DB when they log in. This is sort of a manual system, and the Minimum Viable Feature could be quite easy to build yourself.
If you want it more advanced, like you mentioned, similar to Facebook's notifications button and feed, then, yes, it might be easier to use getstream.io. It also has websocket integrations so you can get those notifications pushed in real-time. You can then also push other types of notifications in there, like for example: a notification when the user has logged in from a different browser (for security reasons).
I hope this answers your question.

How is saving a Stripe Customers Card Info in a Customer Object secure on the client side, even with tokens?

I want to have the customer enter their card info once and have a "pay now" button that will save the user's info for future payments without them having to reenter their info, and Stripe says this can be done if you create them in a user object.
When the user is entering their info in and saving it in a user object where it saves on the Stripe side, I don't understand how this is secure, even with tokens. Couldn't the developer add another function to go along with the Stripe custom forms 'submit' or 'pay now' to send the card info somewhere else before or simultaneously while Stripe generates the token? And if I want, can I have the last four digits be displayed of their "current card" in my hybrid Ionic app? Can someone please explain to me what I'm missing?
I'm sending the customer's payment token over the wire for an affiliate to process the payment (my app's only on the client side), and because sharing the token does not put the card at risk, are there any security concerns I should be aware of?
Yes, a nefarious developer could easily do whatever he wants with the customer's credit card information and that would have nothing to do with Stripe. Stripe and every other payment processor assumes that its developers/clients are not using their services for malicious reasons and I'm sure if such evidence surfaced their account would immediately be revoked.
Stripe's security model allows developers to trust Stripe to store their customers' credit card numbers securely for them so that they can focus on developing their product, not worrying about building a PCI-compliant credit card database store. The idea is you hand over a customer credit card number to Stripe in exchange for a token (customer ID) which you later reference when making subsequent charges to that customer's card.
As for the last 4 digits of the card, yes, that is easily obtainable via the Stripe API:
https://stripe.com/docs/api#cards

How to make Paypal button for accepting payments with Node SDK?

Creating a buy now button with the button builder on the PayPal website only allows you to create a button that will send the user to the PayPal website for checking out with PayPal.
I'm using the Node.js SDK to directly accept credit cards and prevent the user from having to leave my website in order to complete the payment. My question is how can I create a PayPal button that calls the appropriate function in my application when the button is clicked instead of taking the user to a PayPal payment page?
I'm assuming that when the payment button is clicked it ought to trigger a function in my application that creates the payment using the Node.js PayPal REST SDK module instead of sending the user to the PayPal website.
The problem is that I could create any old button, but to comply with PayPal's developer agreement it seems you have to use their buttons. The only solution I've thought of is to download one of their button image files from their website. This image could then be used to make a button that calls the appropriate function. Would this be okay?
For Direct Credit Card integrations, you do not have to use a PayPal button as your customers do not even need to know PayPal is involved. Typically, you would build a form to collect the customer and credit card data then post that to a script on the back end to map those variables to the correct SDK fields and submit the payment.

Enter credit card details on the PayPal site (rather than my own hosted site)

Can I get users to enter credit card details on the PayPal site, rather than my own when setting up a recurring payments profile for direct credit card payments?
When setting up a recurring payments profile for a user who wishes to subscribe to my service, I currently follow the standard recurring payment flow (as shown in the PayPal API examples):
Use the REST API to create a billing plan and agreement.
Redirect the user to the PayPal site.
User logs in/registers on PayPal site and confirms their acceptance there.
PayPal redirects them back to my site for final confirmation of the billing agreement.
Once they have confirmed on my site, billing commences and we start listening for IPNs.
However, it seems that if you want to use direct credit card payments (i.e. the customer does not have/want a PayPal profile), you have to capture the credit card details on your own site and pass them through to PayPal on the API call. Is there a way to move the credit card detail capturing to the PayPal site itself?
Yes, PayPal supports this arrangement; they call it hosted pro or hosted sole solution. However, it's classic, not the new REST.
PayPal's newer direct credit card APIs use vaulting, but I don't believe they come with a fully PayPal-hosted page that would avoid all PCI complications for you.
You might also want to look at Braintree's solution, which integrates into your page but handles encrypting & tokenizing the card details so you don't have to worry about PCI.

Bank login dialog in an iframe when you shop online, how does it work?

I was shopping online and at the time of payment, a login dialog from my bank appears in an iframe, I filled in my details and the online shop page let me go on with the purchase.
How does it work? I guess:
The online shop shows you the page with an iframe pointing to your bank login widget.
You fill in the login details and the bank authenticates you.
Now, how does the bank pass information to the online shop site to tell them you can go on?
Because the login is in an iframe, and as far as I know what happens in the iframe cannot affect the container page. So once you are authenticated in your bank, how does the bank tell the online shop page "it's good, go on"?
Cheers.
In a typical checkout situation there is, as you can imagine, a lot that goes on behind the scenes. But typically in this scenario, one would include with the request to the payment provider (i.e. PayPal, SagePay (formerly Protx), DataCash) a return success URL and return error URL. Typically a handler of some description on the ecommerce site would receive a callback from the payment provider (i.e. not the iframe) once you have successfully completed authentication with your bank.
The website could have some webservices or other services running in the background handling the bank response and setting some sort of cookie or session for the site and loading another page.
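
The callback flow described in the answers above, as an added example that is not part of the original posts: a merchant-side handler for the provider's server-to-server callback, plus the return-URL handler the iframe lands on. The HMAC signing scheme, the shared secret, the field names and the paths are assumptions made for illustration; each payment provider defines its own callback format and authentication.

```javascript
const crypto = require('crypto');

// Constructed sample secret shared with the provider (assumption).
const CALLBACK_SECRET = 'constructed-demo-secret';

// Server-side order state: the browser never decides whether an order is paid.
const orders = new Map([['order-1001', { amount: '49.99', status: 'pending' }]]);

// Hypothetical signature: HMAC-SHA256 over orderId|amount|result.
function sign(fields, secret) {
  const payload = [fields.orderId, fields.amount, fields.result].join('|');
  return crypto.createHmac('sha256', secret).update(payload).digest('hex');
}

// Handler for the callback the provider sends to the site (not via the iframe).
function handleProviderCallback(fields) {
  const expected = Buffer.from(sign(fields, CALLBACK_SECRET), 'hex');
  const given = Buffer.from(String(fields.signature || ''), 'hex');
  // Constant-time comparison; a length check first because timingSafeEqual throws otherwise.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { http: 403, reason: 'bad signature' };
  }
  const order = orders.get(fields.orderId);
  if (!order) return { http: 404, reason: 'unknown order' };
  // The authenticated amount must match what the site itself recorded.
  if (order.amount !== fields.amount) return { http: 409, reason: 'amount mismatch' };
  // Replayed callbacks must not change an order that is already settled.
  if (order.status !== 'pending') return { http: 200, reason: 'already processed' };
  order.status = fields.result === 'authenticated' ? 'paid' : 'failed';
  return { http: 200, reason: order.status };
}

// Handler behind the return success/error URL: it consults the server-side
// state set by the callback and ignores anything the browser claims.
function handleReturnUrl(orderId) {
  const order = orders.get(orderId);
  return order && order.status === 'paid' ? '/checkout/complete' : '/checkout/retry';
}
```

The page inside the iframe only ever navigates to the return URL; the decision to continue the purchase comes from the state the authenticated callback wrote on the server.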
