How do I set up a PCI compliant page to accept new payment methods?

Overview

If your company sells products online via an ecommerce site, you may need a way for your customers to securely submit their payment method information during the checkout process. Just like the order (subscription) details, the payment method data also gets submitted to Zuora where it is securely stored and used to process recurring payments.

Zuora supports both electronic payment methods (such as credit cards, bank transfers, or PayPal) and external payment methods (check or cash). Accepting credit card payment methods online requires you (as the merchant) to achieve and maintain a level of security that meets the requirements of the Payment Card Industry (PCI compliance). The PCI Data Security Standard (PCI DSS) is a set of requirements to ensure that companies that process, store, or transmit credit card information maintain a secure environment. See PCI SSC Data Security Standards Overview for more information on PCI compliance.

This article provides information on how you can use Zuora's Z-Payments Page to accept new payment methods. The Z-Payments Page is a premium offering available today in controlled release that allows you to capture payment methods for new or existing customers in a fully secure and PCI-compliant manner. Zuora is PCI DSS, SAS 70, and Safe Harbor compliant, and is on MasterCard's and Visa's lists of approved providers.

Solution

Zuora's Z-Payments Page is a fully customizable hosted page that allows merchants to collect payment methods without worrying about PCI compliance. The Z-Payments Page is delivered as an iframe hosted from Zuora's environment that you drop into your website to collect your customers' cardholder information and transmit it safely and securely to Zuora's PCI-compliant servers.

Since the iframe is hosted on Zuora, the cardholder data does NOT pass through your environment, which relieves you of having to adhere to the strict PCI requirements. Zuora protects all your customers' sensitive data at the highest level of compliance from the moment it accepts the card data to when it stores it and uses it to process recurring payments. In addition to embedding Zuora's Z-Payments Page on your website using a standard HTML iframe, you can also invoke the Z-Payments Page from inside a Salesforce.com Visualforce page, again gaining access to Zuora's PCI compliance and security. Your Salesforce.com customer service representatives can then collect credit card information over the phone. As long as they are trained to properly handle card information (such as not writing the credit card information down anywhere), the solution remains PCI compliant.

If you do not use Zuora's Z-Payments Page, you can still use Zuora to store the credit cards you collect through your own screens. However, unless you have obtained your own PCI Compliance Certificate for your servers (the servers presenting the card collection screens), your customer-facing solution is not considered PCI compliant.
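The difference between the hosted iframe and collecting cards through your own screens can be checked mechanically. The following is an added example, not Zuora code: it audits checkout HTML for card fields in the merchant's own page and for payment iframes that are not loaded over HTTPS from an allowlisted host. The host name, field-name hints, and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: placeholder host for the hosted payment page; use the one your provider issues.
ALLOWED_FRAME_HOSTS = {"hosted-payments.example.invalid"}
# Heuristic fragments suggesting card data is collected in the merchant's own DOM.
CARD_HINTS = ("cardnumber", "card_number", "cc-number", "ccnum", "cvv", "cvc", "cc-csc", "cc-exp")

class CheckoutAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self.hosted_frames = 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            src = a.get("src", "")
            url = urlsplit(src)
            if url.scheme != "https":
                self.findings.append(f"iframe not loaded over https: {src!r}")
            elif url.hostname not in ALLOWED_FRAME_HOSTS:
                self.findings.append(f"iframe host not allowlisted: {url.hostname!r}")
            else:
                self.hosted_frames += 1
        elif tag in ("input", "select", "textarea"):
            label = " ".join(a.get(k, "") for k in ("name", "id", "autocomplete")).lower()
            if any(hint in label for hint in CARD_HINTS):
                self.findings.append(f"card field in merchant page: {label.strip()!r}")

def audit_checkout(html):
    """Return a list of findings; an empty list means the page passed every check."""
    parser = CheckoutAudit()
    parser.feed(html)
    parser.close()
    if parser.hosted_frames == 0:
        parser.findings.append("no hosted payment iframe found")
    return parser.findings

# Constructed sample pages.
GOOD = '<h1>Checkout</h1><iframe src="https://hosted-payments.example.invalid/page?id=1"></iframe>'
BAD = ('<form action="/charge" method="post">'
       '<input name="cardNumber" autocomplete="cc-number"><input name="cvv"></form>'
       '<iframe src="http://hosted-payments.example.invalid/page"></iframe>')

if __name__ == "__main__":
    for name, page in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_checkout(page))
```

Run it against the rendered checkout markup in CI; the field-name matching is a heuristic and will not catch fields injected by script at runtime.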

Related

Topics
Payment Method
Zuora offers three payment method options: Z-Payment Method, External Payment Method, or None. See Payment Methods for more information.
Configure Payment Method Retry Rules
Zuora allows you to retry payments on a scheduled basis by using scheduled payment runs which will process any invoices that have not been fully paid for customers who have auto-pay enabled. You can also specify the maximum number of consecutive times a failed payment method (for example, credit card) is retried for payment, as well as the ability to define a time period to not retry a payment. For instance if you define the interval as 8 hours, an automated payment retry will not attempt a payment if the last failed payment was less than 8 hours ago.
Payment Methods
The payment method refers to the form of payment customers are using. For online purchases, they usually take the form of electronic payments like credit cards, debit cards, bank transfers, third-party processors (such as PayPal), or non-electronic payments like checks and cash. The customer's method of payment can be created and edited in the customer account. To learn more, and to configure payment methods, see Define Payment Methods.
Supported Payment Methods
This topic describes the payment methods supported by the payment gateways. Empty fields in the tables indicate that the payment method is not supported by that payment gateway.
Direct Debit for GlobalCollect
Direct debit is a way of collecting funds for a payment directly from a customer’s bank account. It is a very common method of payment in many countries and is frequently used for payments that occur on a recurring basis, such as utilities (for example, telephone bills) or mortgages.
Implementing Direct Debit with GlobalCollect
Although direct debit is treated like any other electronic payment method in Zuora, there are additional steps that you need to perform to implement this payment method. These topics provide an overview of implementing and managing direct debit transactions using the Zuora-GlobalCollect integration. During your integration, please contact your GlobalCollect integration manager or Zuora Global Support for assistance. Your GlobalCollect integration manager will provide you with documentation and guides to implement direct debit for the specific countries you want to support. For example, direct debit in the United Kingdom has different rules and regulations than direct debit in Germany.
Direct Debit Mandates
Unlike with credit cards, you (the merchant) must obtain authorization from your customers to debit their bank account for payment. This authorization can be a confirmation page on your web store in which your customer confirms authorization by accepting your stated terms and conditions. Alternatively, the authorization can be provided using a signed agreement called a mandate.
Obtaining and Processing Mandates
Mandates are obtained and maintained by you (the merchant) and not by Zuora or your payment services provider, GlobalCollect. The mandate information along with your customer’s bank account information is submitted to GlobalCollect with each payment transaction request.
Retaining Mandates
You, the merchant, are required to keep a mandate up to date for as long as you continue to debit your customer’s account.
Customer Notifications for Direct Debit
Some countries require you, the merchant, to provide the customer with advance notice before debiting the customer's account for payment, while other countries may not require it but consider it a best practice. Advance notice is especially important when the recurring fees have changed, for example, the customer purchased an additional product this month.