Interact with POS - Terminal Devices and Banking Switching Systems

Question

I have a project in which I need to interact with POS - Terminal Devices and magnetic/chip cards. Let's say, whenever customer buy goods from my department store, staff from this store will stripe customer's financial cards and make payment transaction.

For those similar system, most of the forums say that it should be considered to use third party API such as:

• PayPal
• Braintree
• Authorize.NET.
• Google Check-Out API.

But I think that those APIs should use for those kind of system which will go to international payment processing. As for me, I assume that my system is not as big as international payment processing and will start working as a domestic small system.

So what I would like to know is which will be the best solution and how the system architecture will be?

When I read a Authorize.Net page, I found the routine of Credit Card Processing.

• Do i need to follow this whole procedure no matter whether my project is big or small, international running or domestic running?

• Do I really need to follow this procedure to make payment process with POS - Terminal Devices ?

One thing I know is that ISO 8583 is the essential financial messaging protocol because most of the banking switching software system, for my region, use only these messaging format. This means that I cannot use other messaging format such us NDC or D912.

Answer 1

Authorize.net is very easy to use. All you need to do to process cards is to send an https post in XML format. There are several examples on the Authorize.net developer site. As far as swiping cards, most card readers emulate keyboard presses. A swiped card looks similar to this:

'%B5500692805076849^SMITH/STEPHEN A^12041010000000      00969000000?;5500692805076849=12041010000000969?`

Then parse the card number "5500692805076849", Name "SMITH/STEPHEN A" and expiration date "1204" and pass those on the Authorize.net

Private Sub cmdCharge_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdCharge.Click
    ' By default, this sample code is designed to post to our test server for
    ' developer accounts: https://test.authorize.net/gateway/transact.dll
    ' for real accounts (even in test mode), please make sure that you are
    ' posting to: https://secure.authorize.net/gateway/transact.dll
    cmdCharge.Enabled = False
    lblResponse.Text = "Processing....."
    Application.DoEvents()
    Dim post_url
    post_url = "https://test.authorize.net/gateway/transact.dll"

    Dim post_values As New Dictionary(Of String, String)

    'the API Login ID and Transaction Key must be replaced with valid values
    post_values.Add("x_login", "XXXXXXX")
    post_values.Add("x_tran_key", "XXXXXXXXX")
    'post_values.Add("x_test_request", "TRUE")
    post_values.Add("x_delim_data", "TRUE")
    post_values.Add("x_delim_char", "|")
    post_values.Add("x_relay_response", "FALSE")

    post_values.Add("x_type", "AUTH_CAPTURE")
    post_values.Add("x_method", "CC")
    post_values.Add("x_card_num", txtCard.Text)
    post_values.Add("x_exp_date", txtExp.Text)

    post_values.Add("x_amount", txtAmount.Text)
    'post_values.Add("x_description", "Sample Transaction")

    post_values.Add("x_first_name", txtFirst.Text)
    post_values.Add("x_last_name", txtLast.Text)
    'post_values.Add("x_address", "1234 Street")
    'post_values.Add("x_state", "WA")
    post_values.Add("x_zip", txtZip.Text)
    post_values.Add("x_card_code", txt3CV.Text)

    ' Additional fields can be added here as outlined in the AIM integration
    ' guide at: http://developer.authorize.net

    ' This section takes the input fields and converts them to the proper format
    ' for an http post.  For example: "x_login=username&x_tran_key=a1B2c3D4"
    Dim post_string As String = ""
    For Each field As KeyValuePair(Of String, String) In post_values
        post_string &= field.Key & "=" & field.Value & "&"
    Next
    ' post_string = Left(post_string, Len(post_string) - 1)
    post_string = post_string.Substring(0, Len(post_string) - 1)

    ' create an HttpWebRequest object to communicate with Authorize.net
    Dim objRequest As HttpWebRequest = CType(WebRequest.Create(post_url), HttpWebRequest)
    objRequest.Method = "POST"
    objRequest.ContentLength = post_string.Length
    objRequest.ContentType = "application/x-www-form-urlencoded"

    ' post data is sent as a stream
    Dim myWriter As StreamWriter = Nothing
    myWriter = New StreamWriter(objRequest.GetRequestStream())
    myWriter.Write(post_string)
    myWriter.Close()

    ' returned values are returned as a stream, then read into a string
    Dim objResponse As HttpWebResponse = CType(objRequest.GetResponse(), HttpWebResponse)
    Dim responseStream As New StreamReader(objResponse.GetResponseStream())
    Dim post_response As String = responseStream.ReadToEnd()
    responseStream.Close()

    ' the response string is broken into an array
    Dim response_array As Array = Split(post_response, post_values("x_delim_char"), -1)

    ' the results are output to the screen in the form of an html numbered list.
    Select Case response_array(0)

        Case "1" 'Approved
            lblResponse.Text = "Transaction Approved. " & vbCrLf & response_array(4)

        Case "2" 'Declined
            lblResponse.Text = "Transaction Declined. " & vbCrLf & response_array(3)

        Case "3" 'Error
            lblResponse.Text = "Transaction Error. " & vbCrLf & response_array(3)

        Case "4" 'Held for Review
            lblResponse.Text = "Transaction Held. " & vbCrLf & response_array(3)

    End Select

    ' individual elements of the array could be accessed to read certain response
    ' fields.  For example, response_array(0) would return the Response Code,
    ' response_array(2) would return the Response Reason Code.
    ' for a list of response fields, please review the AIM Implementation Guide

    cmdCharge.Enabled = True
End Sub