Merchants Have Merchant Accounts
To accept credit card payments using an API or another vendor, you must have a credit card merchant account. When a merchant sets up this account with a financial institution, the credit card processor assigns a store number and a merchant identification number. The credit card processor also sets up an account for the merchant in a special payment gateway known as an Application Programming Interface for use in accepting online payments through an automated system like a shopping cart software package. Depending on the financial institution, some credit card processors may refer to the API as an "Automated Payment Interface". Finally, the financial institution provides the merchant with a security file that must be stored on any server from which API transactions will be initiated.
The Merchant Sets Up Software
In order to make use of the credit card API system, the merchant must set up some form of online payment system for customers to use. In many cases, this function is performed by shopping cart software like Zen Cart, Cube Cart, or OS Commerce, though some merchants choose to program their own shopping cart systems or payment web pages. These systems often use Secure Sockets Layer (SSL) technology to facilitate the secure entry of payment information from the customer's computer to the merchant's server. Using an SSL secured connection, the merchant's shopping cart system or payment software collects important payment information like credit card number, expiration date, security code, and the customer's name. With this information collected, the software is ready to send the transaction to the credit card API.
API Transactions Are Transparent
When the server has collected the information to process a credit card transaction, it adds transaction information including the amount of the transaction and any sales tracking data, then encodes the information using the security certificate provided by the credit card processor. The software opens a port on the server and connects to the financial institution's e-commerce gateway, where it establishes a connection with the API. The software sends the encrypted data to the API, where software on the financial institution's server decodes the transaction information and processes the credit card payment. Once a decision is received from the bank that issued the credit card, the decision is encoded using the security certificate and sent back to the merchant's server; the server decodes the credit authorization and either continues the transaction or displays a "Declined" message to the customer. While a number of steps are involved in processing transactions using a credit card API, the process takes only seconds to complete and is completely transparent to the end user.
