Virtual - Hosted Payment Pages

This is a popular solution mainly due to the ease of integration into the solution and the high level of Security that it provides to merchants.

Introduction to Virtual

The Virtual Payment Solution makes use of Adumo Online's hosted payment page. This is a popular solution mainly due to the ease of integration into the solution and the high level of Security that it provides to merchants.

The Virtual Solution also has the ability to be customized to such an extent that your client would feel as though they are on your website while making payment, ensuring peace-of-mind throughout the entire checkout process.

The Virtual solution offers the ability for a merchant to customise the logo, colours and details displayed on the payment page so that the cardholder does not feel that they are leaving the merchants website. The Virtual Payment Page is operating behind TLS (Transport Layer Security) security protocol and all information that is captured on the payment page is encrypted using 128-bit encryption ensuring that your client's credit card details are kept safe.

Virtual Features

Virtual Payment Process

One of the main benefits of utilising the Virtual Solution is the simplicity in which to integrate it into your online website. It requires less development work than other Adumo Online Solutions and security measures are already incorporated by Adumo Online.

Virtual allows the merchant to utilize the Adumo Online payment webpage. This means that your clients will be directed to Adumo Online's Payment Page where they will enter their credit card details in order for the transaction to be completed. The payment information which Adumo Online requires is posted to Adumo Online via a form POST. This POST can be done in any language that supports this method.

Virtual Payment Process

Illustration: Virtual Payment Process

Step 1 – Cardholder makes purchase from merchant's website.
Step 2 – Merchant creates form post to Virtual payment page.
Step 3 – Adumo Online processes the transaction to the merchant Bank.
Step 4 – The merchant bank processes the transaction and returns a successful or declined message.
Step 5 – Adumo Online returns this result and/or error code with error description back to the Merchant
Website address specified in the form POST.
Step 6 – If the functionality is set up (from the Adumo Online Web Console) Adumo Online will notify the card
holder via email of the transaction details and the merchant via email.

General Requirements for Using Virtual

Internet Merchant Account

An Internet Merchant Account is required to accept credit card transactions over the internet. If you have an Internet Merchant Account you need to supply these details to Adumo Online before going Live. If you do not have an Internet Merchant Account, Adumo Online can assist you with your application to the acquirer (bank).

Note: An Internet Merchant Account is a different type of merchant account than what is used for card present / POS transactions.  You will need to apply for an Internet Merchant Account even if you already accept credit card transactions from your store.

Security – Server Passwords

You need to apply security best business practice to ensure that confidential data and card detail are protected while either being stored in the database or while data is being transmitted. It is suggested that you encrypt key information issued to you by Adumo Online. This will be things like your User Access, JWT Token Secret and access tokens.

Note: To reduce fraud or potential incidents it is recommended to encrypt any passwords that give access to your server.

TLS

TLS (Transport Layer Security) is a security protocol that ensures that data being captured on Adumo Online's payment page cannot be read by encrypting the data using two encryption keys. The Virtual solution does not require a merchant to implement TLS protocol as this is handled by Adumo Online.

Integration

Form Post URL

The form post URL is the Adumo Online URL used to submit the form post to.  Adumo Online provides the following URL for both Live and Test. 

Test URL : https://staging-apiv2.adumoonline.com/product/payment/v1/initialisevirtualCopy URL to clipboard

Production URL : https://apiv2.adumoonline.com/product/payment/v1/initialisevirtualCopy URL to clipboard

Note: Mode has been deprecated and should always be 1. For testing please use the staging url.

Testing

View all ApplicationUIDs

For testing purposes, we have provided a MerchantUID and ApplicationUID's in multiple currencies.

MerchantID: 9ba5008c-08ee-4286-a349-54af91a621b0

JWT Secret: yglTxLCSMm7PEsfaMszAKf2LSRvM2qVW

When going live, these will need to be replaced in your code by using the Adumo Online issued MerchantID and ApplicationID. You can retrieve your JWT Secret from the Merchant Portal.

Test Cards

Test Cards are used to perform test authorizations to Adumo Online. Test Cards will only work when using the test URL. Test Cards transactions will not go to the acquirer.

Test Card Types

Note: Test Cards will only work when posting to the test URL.

Non 3D Secure Test Cards

Visa Successful    
Card Name   Joe Soap  
Card Number   4111111111111111  
Card Type   Visa  
Expiry Date   Any date in future  
CVV Number (last 3 digits on back of card)   any cvv  
       
Visa Declined    
Card Name   Joe Soap  
Card Number   4242424242424242  
Card Type   Visa  
Expiry Date   Any date in future  
CVV Number (last 3 digits on back of card)   any cvv  
       
MasterCard Successful    
Card Name   Joe Soap  
Card Number   5100080000000000  
Card Type   MasterCard  
Expiry Date   Any date in future  
CVV Number (last 3 digits on back of card)   any cvv  
       
MasterCard Declined    
Card Name   Joe Soap  
Card Number   5404000000000001  
Card Type   MasterCard  
Expiry Date   Any date in future  
CVV Number (last 3 digits on back of card)   any cvv  
       
Amex Successful
Card Name Joe Soap
Card Number  370000200000000
Card Type AMEX
Expiry Date  Any date in future
CVV Number(last 3 digits on back of card)  any cvv
Amex Declined
Card Name Joe Soap
Card Number  374200000000004
Card Type AMEX
Expiry Date  Any date in future
CVV Number(last 3 digits on back of card)  any cvv
   
Diners Successful
Card Name Joe Soap
Card Number 
36135005437019
Card Type Diners
Expiry Date  Any date in future
CVV Number(last 3 digits on back of card)  any cvv
   
Diners Declined
Card Name Joe Soap
Card Number 
36135182434011
Card Type Diners
Expiry Date  Any date in future
CVV Number(last 3 digits on back of card)  any cvv
   
Maestro Successful
Card Name Joe Soap
Card Number  5641821111166669
Card Type Maestro
Expiry Date  Any date in future
CVV Number(last 3 digits on back of card)  any cvv
   
Maestro Declined
Card Name Joe Soap
Card Number 
6759411100000008
Card Type Maestro
Expiry Date  Any date in future
CVV Number(last 3 digits on back of card)  any cvv

3D Secure Test Cards

Visa Successful    
Card Name   Joe Soap  
Card Number   4000000000000002  
Card Type   Visa  
Expiry Date   Any date in future 
CVV Number (last 3 digits on back of card)   any cvv  
     
Visa Failed    
Card Name   Joe Soap  
Card Number   4000000000000010  
Card Type   Visa  
Expiry Date   Any date in future  
CVV Number (last 3 digits on back of card)   any cvv  
     
MasterCard Successful    
Card Name   Joe Soap  
Card Number   5200000000000007  
Card Type   MasterCard  
Expiry Date   Any date in future  
CVV Number (last 3 digits on back of card)   any cvv  
     
MasterCard Failed    
Card Name   Joe Soap  
Card Number   5200000000000023  
Card Type   MasterCard  
Expiry Date   Any date in future 
CVV Number (last 3 digits on back of card)   any cvv  

Test CCV

As additional account security, every credit card comes with a special three or four digit code generally known as a CVV2 or CVV number. Cardholders will be requested to enter this when processing an online payment. An identity thief who has come across credit card information illegally will not have access to the CVV number if they do not have physical access of the card.

Go Live Checklist

Overview

Use the Go Live Check List to make sure that you have completed all necessary tasks before going live. Please ensure that the following criteria have been met:

Configuration

  1. Virtual Form Post have been embedded onto your website

  2. Merchant Payment Page have been configured in Adumo Online Portal

  3. Merchant ID and Application ID of the “Merchant” (NOT test Merchant ID and Application ID) is being used in your message type.

Testing

  1. Test a Successful Transaction using our Virtual Test Cards

  2. Test a Decline transaction using our Virtual Test Cards

  3. Test transactions are visible in Adumo Online Portal

Go Live

  1. Merchant received Go Live email from Adumo Online. This email will contain the merchants Customer ID and Merchant ID .
    (If not, have merchant contact support@adumoonline.com)

  2. Ensure that you are using the Live URL.

  3. Perform Live transaction with Live card

Integration Support

Merchants

If you are a merchant that has signed up with Adumo Online's Virtual solution, you will have access to Adumo Online's Integration Help Desk for telephonic and email support. Telephonic support is available 8am to 5pm GMT +2. Email support is 8am to 5pm GMT + 2 and connects directly to our help desk through our ticketing system.

Developers

If you are a developer that you will have access to Adumo Online's Integration Help Desk for email support. Email support is 8am to 5pm GMT + 2 and connects directly to our help desk through our ticketing system.

If you send an email you will immediately be emailed back a reference to track your integration query.

Email: support@adumoonline.com

JSON Web Token (JWT)

What is JSON Web Token?

"JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed."


You can read more here (https://jwt.io/introduction)


You must implement the JSON Web Token (JWT) in the request to us and validate the response token (_RESPONSE_TOKEN)


We strongly recommend the following validation on the response token:

  1. Confirm the signature of the JWT token is valid

  2. Confirm that the values in the JWT token match with the values for the order.

  3. The values that must get validated are:

    mref (Merchant Reference)

    amount

    auid (Application UID)

    cuid (Merchant UID)

  4. Use the result field in the JWT token as your success and failed indicator

Warning: Failure to put the recommended JTW token validations in place could lead to financial losses.


Example JWT

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtdWlkIjoiMzQ4OEJGNzItMDFFNi00REU1LUI2NjAtMUZFQTdGOUE0Q0NBIiwiY3VpZCI6IjM0ODhCRjcyLTAxRTYtNERFNS1CNjYwLTFGRUE3RjlBNENDQSIsImp0aSI6IjUyMjViZmQ1NDExMWFzZGNhM2EiLCJpYXQiOjE1NTI5MTMzOTgsImV4cCI6MTU1Mzk5OTc5OH0.d8uEgDew3SiUxpe-Kyp3NqZJgJo75FlRN5G3AXohk5Y

Request Example

{
"iss": "Dev Center",
"cuid": "9ba5008c-08ee-4286-a349-54af91a621b0",
"auid": "4196b0b8-db88-42e5-a06d-294a5e4ded87",
"amount": "12.00",
"mref": "DEV_xUQ58CeG",
"jti": "QXiY24ZQvuPkwvU6KlDokWIgeX387MlX+M3qF8OrhRY=",
"iat": 1621936758,
"exp": 1621937358
}

Decoded Response Example

{
"jti": "[B@51c83aae",
"iat": 1612528158,
"cuid": "BAAB2819-7286-49D3-8AD3-1212B3B40C2A",
"auid": "A50376D2-0CDF-46DF-BDDD-30F0B514D853",
"result": -1,
"transactionIndex": "5bb926df-68ed-4154-bf01-cd1e7f2278a5",
"mref": "DV_LNMnOi8bUn",
"amount": "0.02",
"mode": "1",
"tkn": "",
"puid": "e36bdd6e-c9c1-4aa6-a10d-8f0ce9b6d361",
"exp": 1612528758
}

JWT(Token field) can be programatically constructed as follows:

php Example using a standalone php library

require_once('jwt.php');

  $SecretKey = 'NFeCMY17FoaDkLe3azMchsNbLOpgkO2Wh58'; //Supplied by Adumo Online

  $payloadArray = array();
  $payloadArray['iss'] = $iss; //The identity of the party that issued the JWT. The claim holds a simple string, of which the value is at the discretion of the issuer
  $payloadArray['cuid'] = $MerchantID;
  $payloadArray['auid'] = $ApplicationID;
  $payloadArray['amount'] = $amount;
  $payloadArray['mref'] = $merchantReference;
  $payloadArray['jti'] = base64_encode(random_bytes (32));
  $payloadArray['iat'] = time() - 60;
  $payloadArray['exp'] = time() + 600;

  //$Token will be used to populate the Token form field in the POST to our payment page
  $Token = JWT::encode($payloadArray, $SecretKey);

  //The response token can be decoded as follows
  $decodedData = JWT::decode($jwtToken, $SecretKey, array('HS256'));

You can download the above sample code here (Virtual Example with JWT.zip)

You can find more code examples here (https://jwt.io/#libraries-io)

HTML Sample

If you have in‐depth HTML knowledge or web development skills you can create more variables. The below examples could be applied if you have a web application or shopping cart. The Below HTML example shows how your form POST could look when extensive information is getting sent to Adumo Online:

The below code can be copied into your code for testing purposes. Please note however, that before going live, you will need to change the details in the above example.


Note: The Virtual solution does not support iframes, if you wish to process payments without the user leaving your website please consider the enterprise solution.


Reference

Payment Methods

Overview

Merchants can use Virtual to integrate with any of Adumo Online's payment methods.  The payment methods that Adumo Online offer can be found at https://www.adumoonline.com/solutions

Examples of these payment methods are:

  • Credit Card & Debit Card
  • SecureEFT
  • Visa Checkout
  • Mobicred

Payment Options Page

Process Flow Description for Payment Page

  1. The merchant begins the process by posting a ‘Request’ to Virtual.
  2. All the payment methods linked to the application ID used will display in the payment options menu.
  3. Virtual processes the transaction to the relevant financial service provider.
  4. Virtual replies immediately by posting back detailed ‘Response’ data. The detailed response will include the payment method that was used to pay.
  5. In some cases, the payment method chosen will be more suited to an ‘asynchronous’ process. For instance, when the client is given payment instructions by Virtual and these instructions can take some time to complete. If/when Virtual receives a response from the financial service provider, then Virtual will post the ‘Response’ data back to the RedirectSuccessfulURL or RedirectFailedURL provided by the merchant in step 1.
Payment Options Example Page

Example of Payment Options Page

Payment Option Page Customization

The payment options page is customizable (example: merchant logo) to maintain the look and feel of the merchant system as far as possible. This is done from within the Adumo Online Web Console. Click here to see how to upload logo.

Virtual 1Click

Introduction to 1Click

1Click payments offers the card holder a simplified checkout experience. The solution caters for customers that repeatedly purchase goods or services from a merchant’s website by simplifying the checkout experience. The solution will tokenize the card holder’s details during the initial transaction. For subsequent transactions, the merchant can be configured to allow the cardholder to enter a CVV or not, to process the payment, making the checkout process more simplified. At any point, the card holder can amend card details, which will update the token with the new card information.

For the Virtual 1Click solution, it is possible to store multiple cards, allowing the user the ability to choose the tokenized card they wish to pay with.

1Click Payment Process

One of the main benefits of utilising the 1Click - Virtual Solution is the simplicity in which to integrate it into your online website. It requires less development work than other Adumo Online Solutions and security measures are already incorporated by Adumo Online.

Virtual Tokenization Process Flow

1Click Process Flow

1) Submit a form POST to the Virtual payment page and include an additional form field in your request <input type = "hidden" name = "puid" value = "3488BF72-01E6-4DE5-B660-1FEA7F9A4CCA">

2) The payment page reads the puid field and does a lookup to see if the token has been registered before:

3) If card detail is not registered yet (Card holders first time making a payment):

  • The card holder is required to enter full card details and select "Save and Pay Now".
  • Adumo Online takes the card details with the token submitted in the form POST and registers the details in the Adumo Online's database.
  • The transaction is then processed as normal to the bank.
  • The transaction results are returned in the message response.
  • The PUID is the Profile ID that all tokenized cards are associated with and is returned in the JWT.

4) If card holder is registered (Card holder’s second time making a payment):

  • The payment page will display all previously registered cards for the cardholder, with pre-populated fields containing their card details (retrieved from the Adumo Online database).
  • The card holder is asked for their CVV if required by the merchant (last 3 digits on the back of the card).
  • The card holder selects to "Pay Now" at which stage Adumo Online processes the transaction and the card holder is debited.
  • The results of the transaction are posted back to the website.

5) If card holder is registered and wants to modify their details:

  • The payment page will display all previously registered cards for the card holder, with pre- populated fields containing their card details (retrieved from the Adumo Online database).
  • The card holder chooses a card and selects to "Edit".
  • The card holder is then asked for their updated card details.
  • The card holder selects "Pay Now" where an update is done on their card details. This updates Adumo Online's database to the new card details the card holder entered.
  • The transaction is processed to the bank.
  • The results of the transaction are posted back to website.

6) If card holder is registered and the card has expired:

  • The card holder is displayed a message informing them that their card has expired.
  • The card holder is forced to update their card details and are prompted for updated card details.
  • The card holder selects "Pay Now" and the card details are updated.
  • The transaction is processed and the card holder is debited.
  • The results of the transaction are posted back to website.

SecureEFT

SecureEFT is a streamlined version of a traditional EFT. It makes payment of a bank transfer a lot faster and easier by eliminating certain steps such as creating a beneficiary, entering the reference number and amount or provide a proof of payment. SecureEFT only requires a buyer to login to their bank account and authenticate the payment through the banks one time pin or authentication methodology.

SecureEFT Transaction Process

Step 1 - The customer selects the SecureEFT payment option

Step 2 - The customer is prompted to select their bank

Step 3 - The customer would sign into there banking profile using there internet banking details

Step 4 - SecureEFT returns the results of the payment to Adumo Online

Step 5 - Adumo Online returns these results to the merchant. The merchant can then display the results on the payment confirmation page

SecureEFT Page

Example of SecureEFT Page

Reference

Virtual Reference

Close