This page aims to train future users of the secure redirection of the PayFacto payment solution.

You will find in this page a description of the secure redirection service, the operation, the various call and return parameters, the advantages related to the use of this solution and the information that the merchant must provide to PayFacto. 

The secure redirect service is an exemplary, efficient and secure way for merchants with an e-commerce site to make a payment by Internet.

The secure redirection service is very easy to use. This requires the merchant to take the order from a customer and call a webpage hosted on the PayFacto servers via the PayFacto web services. This page will show the transaction amount and ask the customer to enter their credit card information. Once this is done, a purchase transaction approval request will be sent by a PayFacto Payment Solution to the Acquirer. Thereafter, the PayFacto payment solution redirects the user to a success or failure page specified by the merchant. From this page, a web services call will need to be made in order to contact PayFacto to retrieve transaction return parameters. It should be noted that it is only possible to make purchases and pre-authorizations with this service. If your needs are different, contact the PayFacto Payment Solution Customer Service and another solution will be offered.

The PayFacto entry page contains links to information pages hosted on PayFacto payment servers. These pages are displayed in the PayFacto Customer Payment Service and provide a description of the security solution.

All communications between the merchant application and PayFacto application are done securely with the http protocol, but using the encryption approved worldwide. Internet clients must have a 128 bits browser, in order to use the PayFacto payment solution redirection service.

1. The customer finishes filling his shopping cart on the merchant site. It triggers a process that will ensure that the merchant's e-commerce application will call the PayFacto web services, including the call input parameters. “Redirect - Create Purchase Session” (Endpoint : https://test.api.payfacto.cloud/v1/redirect/CreatePurchaseSession). This call to the payment API will communicate and transfer the data to PayFacto payment solution servers.

2. The PayFacto server keeps the received parameters and returns a session number in the “transactionOutput” of the call “Redirect - Create Purchase Session” to the merchant e-commerce application.

3. At this time, the e-commerce application redirects the client's Internet browser to the PayFacto redirection page, including the session number, so that the PayFacto payment server can retrieve the transaction data.

The format of the redirect URL is as follows :

https://test.form.payfacto.cloud/redirect/Redirect?SecureID=%SecureID%&SecureTYPE=GET

When this is done, PayFacto displays the customer credit card information entry page (see image 1).

The customer must then enter his credit card number, the expiry date and, possibly, his e-mail address. If it is registered, the e-mail address will be used to send the transaction receipt to the customer. When the customer has entered his information, he must press the “Pay” button. The customer has a time limit to enter this information. If the customer makes a mistake in entering their credit card information, an error page will appear and the customer will have the option to cancel or restart their transaction (see image 2). The customer has a maximum of three attempts to complete the transaction correctly.

* The options displayed on the redirect page are defined according to the agreement of the merchant.

4. When the customer presses “Pay”, the PayFacto server creates a purchase request and sends it to the acquirer, in order to receive the authorization of the transaction.

5. Upon receipt of the acquirer's response, server updates return information and redirect the customer to the merchant. It will be redirected to a success page, if the transaction is approved or to a failure page in case of refusal, as a parameter, the session number of the transaction. The merchant's success or failure page must use the session number received by the PayFacto redirection application to make a new call “Redirect - Get Response” (endpoint : https://test.api.payfacto.cloud/v1/redirect/GetResponse) to payment API and return the transaction status with the transaction return parameters.

6. Finally, the e-commerce application must send the acknowledgment of receipt “Ack” (endpoint : https://test.api.payfacto.cloud/v1/ack) to PayFacto server to complete the transaction. The merchant has 3 minutes to send the acknowledgment to PayFacto.

IMPORTANT : If the result of this acknowledgment is not received or returns a negative answer “FALSE”, the transaction will be automatically reversed. The merchant must wait for the result of the acknowledgment (which must return “TRUE”) before confirming the success of the transaction for the client.

It is advantageous for a merchant to use this service for many reasons. First of all, although the development is a little longer, because the merchant must integrate web services, the secure redirection application is much safer than sending parameters directly to the payment solution on the PayFacto servers. Secondly, the merchant does not care about securing their database for the customer's credit card data, as this data is not transferred to the merchant. PayFacto takes care of receiving, securing and keeping confidential this information. Finally, the merchant does not need to develop a customer credit information entry page, since PayFacto provides it.