Using Transparent Redirect to simplify PCI Compliance with PayPal Payments Pro

    We're currently using the PayPal Payments Advanced and/or Payflow Gateway module with the Payflow Pro option selected to take credit card payments. I'm looking for an alternative to help with PCI compliance where we won't be processing credit cards on our site.

    I'm not interested in moving to another processor. Half of our customers pay with PayPal, and it's a HUGE time savings for us to have all our payments integrated in one place. As far as I know, only PayPal can do this. I've checked, and Braintree still reports credit card payments separately from PayPal payments. And I'm not interested in downgrading to a PayPal standard account and having the user go offsite to pay or using the horrible looking PayPal iframe.

    I've been doing some research, and it appears that PayPal has a way to do offload card processing to them within the Pro account without making use of an iframe. The merchant's site hosts the credit card input boxes, but the data never touches the server. From their website:

    Use the optional Transparent Redirect feature, which helps merchants be PCI compliant. With Transparent Redirect, the buyer enters credit card information on a web form that you host, but payment details are posted silently to the PayPal server when the buyer presses submit, so the credit card details never go through your server.
    Source: https://developer.paypal.com/docs/cl...pci-compliance
    The developer information on Transparent Redirect is here: https://developer.paypal.com/docs/cl...arent-redirect

    I'm assuming this is something that Miva would need to build into the PayPal payment modules; store owners probably couldn't do this on their own outside the module. Is that assumption correct? If so, is this something that's on the roadmap for Miva? It would be a great feature to have available.
    Todd Gibson
    Oliver + S | Sewing Patterns for Kids and the Whole Family

    #2
    The current Miva Merchant PayPal Payments Advanced option supports this on the customer side, but not in the admin, so if you take phone orders that involve the credit card flowing via phone to your agents and then into your store on the admin side, it would not solve that problem. The other two would be Braintree and Square. There is also MivaPay which supports several gateways and we handle the card flow while you continue to use the gateway of your choice, along with adding a credit card storage option for your customers who place ongoing orders, it supports subscriptions, etc.
    David Hubbard
    CIO
    Miva
    [email protected]
    http://www.miva.com

      #3
      Sorry if I'm not understanding completely, but it seems like the Miva documentation (here: https://docs.miva.com/reference-guid...ments-advanced) says something a little different.

      PayPal Payments Advanced: PayPal Payments Advanced combines a merchant account (with a monthly fee) and a gateway in one product. Unlike PayPal Payments Pro, with this method you cannot store the customer's credit card information along with their order. This product uses a "hosted checkout" which places an iFrame in your checkout pages. From the customer's perspective they are entering their credit card information in your on-line store, however, the information is being sent directly to PayPal. As of this writing (08/01/12), this method makes PayPal responsible for compliance with the Payment Card Industry standards for secure transactions. Please note that this is subject to change.
      And what PayPal provides on Payments Advanced (here: https://developer.paypal.com/docs/cl...ents-advanced/) confirms that this only works with the embedded iframe.

      From how it appears to me, transparent redirect is not a hosted checkout and is something different than the older iframe. It's only available with the PayPal Payments Pro account and Payflow--not Payments Advanced. It allows you to use the Pro account and the Payflow connection but you don't process the data at all through your server.

      Has the Payments Advanced module been updated somehow since the documentation was written? If so, how is it configured to use the transparent redirect instead of the iframe? I'm looking to avoid use of the old PayPal iframe which you configure in the PayPal Manager and use a solution that allows me to style the input boxes to match the rest of that page. It's not possible to do that with the old iframe.
      Todd Gibson
      Oliver + S | Sewing Patterns for Kids and the Whole Family

        #4
        Sorry, I misunderstood when you were talking about off-site or the horrible iframe. Perhaps the customization options were limited in the past; certainly would be possible. The current iteration of that module and Merchant has the payment iframe defined within a page specific to this module called PPHC "PayPal Hosted Checkout" where nearly the entire page is fully customizable other than the iframe containing just the card fields, defined as:

        Code:
        <iframe src="&mvt:paypaladv:hostedcheckouturl;" width="490" height="565" scrolling="no" style="border:none;"></iframe>
        So you shouldn't be limited in how that part of the checkout looks unless you are referring to a box size or font issue which may be controlled on the paypal side since they populate the iframe?

        David Hubbard
        CIO
        Miva
        [email protected]
        http://www.miva.com

          #5
          So, yeah, it's the PayPal iframe that I have a problem with. It is not able to be customized to any real extent, and it looks just sort of wrong stuck on a page in the middle of the checkout flow. From the user's perspective, I think it raises a red flag. Just when they get to the moment of truth, when they are supposed to enter their payment information, the look and feel of the website changes. Like, "I'm supposed to put my credit card information in this spot that looks totally different than the rest of the website I've been visiting? It looks like the site has been hacked and my payment info is going to be stolen. No thanks."

          A way around this, while still offloading the PCI burden to PayPal, is to use Payflow Pro with transparent redirect enabled. That was my original question. It appears, but I don't know for sure, that there would need to be some enhancement to the module in Miva to allow merchants to opt into using transparent redirect. Here's the link to the technical documentation about how to enable transparent redirect:

          PCI Compliance Without Hosted Pages - Transparent Redirect: https://developer.paypal.com/docs/cl...arent-redirect

          PayPal Payments Pro and Payflow Pro merchants who want PCI compliance while maintaining full control over designing and hosting checkout pages on their website can use Transparent Redirect. Transparent Redirect posts payment details silently to the Gateway server, so this sensitive information never goes through the merchant's website.

          Implementing Transparent Redirect is very similar to implementing hosted pages. It differs only in the steps shown in boldface below:
          • The customer clicks Buy to purchase merchandise on your website.
          • You request a secure token by passing a secure token ID to the Gateway server. In the request, you pass the name-value pair, SILENTTRAN=TRUE. This name-value pair prevents the hosted pages from displaying.
          • The Gateway server returns the secure token and your token ID to your website.
          • You display the credit card fields to the customer in a checkout page on your website.
          • The customer enters their credit card number, expiration date, and other sensitive data into the credit card fields and clicks Submit. The browser posts the payment data directly to the Gateway server, avoiding your website and easing your PCI compliance requirements.
            Note: To ensure that the post goes from the browser directly to PayPal and not back to your website, you should add scripting.
          • The Gateway processes the payment through the payment processing network.
          • The Gateway server transparently sends the customer to the location on your website that you specified in the request to obtain a secure token. You display the results to the customer on your website.
          Is this something that Miva is aware of?
          Todd Gibson
          Oliver + S | Sewing Patterns for Kids and the Whole Family
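The secure-token handshake quoted from PayPal's documentation in the post above, worked through as an added example (not code from this thread, from Miva, or from PayPal). The name-value-pair field names (TRXTYPE, TENDER, AMT, CREATESECURETOKEN, SECURETOKENID, SECURETOKEN, SILENTTRAN, RETURNURL, ERRORURL, RESULT, RESPMSG) and the browser-post URL https://payflowlink.paypal.com follow the Payflow conventions as I understand them and should be verified against the current PayPal docs; the gateway reply in the block is constructed sample data. The point the example adds is the defender's check the flow depends on: the merchant-hosted form's action is the gateway, not the store, and the store's return handler treats any card field arriving at the merchant server as a misconfiguration that puts the site back in PCI scope.

```python
"""Secure-token handshake for PayPal Payflow Transparent Redirect (added example).

Field names follow the Payflow name-value-pair (NVP) convention as the author of
this example understands it (assumption: verify against PayPal's docs). The
gateway reply used at the bottom is constructed sample data.
"""
import html
import secrets

# Fields that must never arrive at the merchant server. If one does, the
# "silent" browser post went to the store instead of the gateway.
CARD_FIELDS = {"ACCT", "EXPDATE", "CVV2"}


def build_secure_token_request(credentials: dict, amount: str,
                               return_url: str, error_url: str) -> dict:
    """Server-to-gateway request that asks for a secure token.

    Carries only order data, never card data. SECURETOKENID is a random value
    we generate so the later browser post can be tied back to this order.
    """
    token_id = secrets.token_hex(16)  # 32 hex characters
    params = dict(credentials)        # PARTNER, VENDOR, USER, PWD
    params.update({
        "TRXTYPE": "S",               # sale
        "TENDER": "C",                # card
        "AMT": amount,
        "CREATESECURETOKEN": "Y",
        "SECURETOKENID": token_id,
        "SILENTTRAN": "TRUE",         # suppress hosted pages: browser posts to the gateway
        "RETURNURL": return_url,
        "ERRORURL": error_url,
    })
    return params


def parse_nvp(body: str) -> dict:
    """Payflow replies are '&'-joined NAME=VALUE pairs."""
    out = {}
    for pair in body.split("&"):
        if "=" in pair:
            key, value = pair.split("=", 1)
            out[key.strip().upper()] = value
    return out


def extract_secure_token(response_body: str, expected_token_id: str) -> str:
    """Return SECURETOKEN from a gateway reply, or raise ValueError.

    RESULT=0 means success. The echoed SECURETOKENID must match the one we
    sent, so a token issued for one order cannot be attached to another.
    """
    reply = parse_nvp(response_body)
    if reply.get("RESULT") != "0":
        raise ValueError(f"secure token request failed: {reply.get('RESPMSG', 'no message')}")
    if reply.get("SECURETOKENID") != expected_token_id:
        raise ValueError("SECURETOKENID in reply does not match the request")
    token = reply.get("SECURETOKEN")
    if not token:
        raise ValueError("no SECURETOKEN in reply")
    return token


def render_checkout_form(gateway_post_url: str, token: str, token_id: str) -> str:
    """Merchant-hosted, merchant-styled card form.

    The form action is the gateway, not the store, so the browser sends
    ACCT/EXPDATE/CVV2 to PayPal only. Token values are HTML-escaped.
    """
    return (
        f'<form method="post" action="{html.escape(gateway_post_url)}">\n'
        f'  <input type="hidden" name="SECURETOKEN" value="{html.escape(token)}">\n'
        f'  <input type="hidden" name="SECURETOKENID" value="{html.escape(token_id)}">\n'
        '  <input name="ACCT" autocomplete="cc-number" placeholder="Card number">\n'
        '  <input name="EXPDATE" autocomplete="cc-exp" placeholder="MMYY">\n'
        '  <input name="CVV2" autocomplete="cc-csc" placeholder="CVV">\n'
        '  <button type="submit">Pay</button>\n'
        '</form>'
    )


def card_data_leaked(merchant_request_params: dict) -> bool:
    """Guard for the store's RETURNURL handler (and any checkout endpoint).

    True if card fields reached the merchant server, which is exactly the
    failure the scheme exists to prevent: log it and treat the store as in
    PCI scope until the form action is corrected.
    """
    return any(key.upper() in CARD_FIELDS for key in merchant_request_params)


if __name__ == "__main__":
    creds = {"PARTNER": "PayPal", "VENDOR": "example_vendor",
             "USER": "example_user", "PWD": "example_pwd"}   # placeholders
    req = build_secure_token_request(creds, "49.95",
                                     "https://shop.example/return",
                                     "https://shop.example/error")
    # Constructed sample reply; a real one comes back from the Payflow host.
    sample_reply = ("RESULT=0&RESPMSG=Approved&SECURETOKEN=ExampleToken123"
                    f"&SECURETOKENID={req['SECURETOKENID']}")
    token = extract_secure_token(sample_reply, req["SECURETOKENID"])
    print(render_checkout_form("https://payflowlink.paypal.com", token, req["SECURETOKENID"]))
    print("card data on return handler:", card_data_leaked({"RESULT": "0", "PNREF": "sample"}))
```

The request and reply are kept as plain dicts and strings so the two halves of the exchange can be unit-tested without a gateway; in a real integration the request is sent over TLS to the Payflow host and only the token pair is handed to the page template, which is the part a Miva module would need to add.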

            #6
            There is no active feature request for implementation of the transparent redirect, so I'd recommend first that you create a thread for that at:

            https://www.miva.com/forums/forum/ge...dream-features

            I do see what you mean though after adding the iframe to a test store; I did not realize the PayPal iframe option had such little control on the PayPal side over the look and feel, and the use of 1990's buttons/fonts, etc. I suspect that would be trivial for them to fix if they wanted to, so my second recommendation would be to lodge a request with your PayPal rep outlining that the 'Layout C' iframe is simply horrible and can they add a new one with either a modern look or customer-specific control over the look.

            In the mean time, the only real options to not need to change gateway/merchant account would be either the ugly iframe or MivaPay, where MivaPay can continue to use PayPal as the gateway provider but only touches the actual card number and expiry boxes, so you keep control over all the other stuff around it.
            David Hubbard
            CIO
            Miva
            [email protected]
            http://www.miva.com

              #7
              Thanks. Will do.
              Todd Gibson
              Oliver + S | Sewing Patterns for Kids and the Whole Family
