Caisse de paiement
La caisse de paiement de Cardflo fournit une solution de page de paiement hébergée, redirigeant les clients vers un environnement sécurisé, de marque Cardflo ou co-brandé pour le paiement.
Cette approche réduit considérablement la portée de la conformité PCI pour les marchands tout en offrant une expérience de paiement robuste et riche en fonctionnalités. Elle convient aux entreprises qui privilégient la sécurité et le déploiement rapide avec un minimum de frais de développement.
- Catégorie
- Paiement
- Capacités
- 10
- Disponible sur
- Tous les plans
L'aperçu
A cashier checkout functions as a hosted payment environment where the customer is redirected from the merchant site to a secure interface managed by a payment service provider.
This architectural choice places the burden of sensitive data capture on the acquirer or gateway infrastructure, effectively isolating the merchant from primary cardholder data.
By utilising a hosted page, businesses can facilitate transactions via various methods including credit cards, digital wallets, and alternative payment methods without the development complexity of bespoke integrations.
The system handles the entire authorisation flow, including the execution of Strong Customer Authentication and 3DS protocols, before returning the customer to the merchant site with a success or failure notification.
This model is common for businesses that require high security and minimal data handling, as it simplifies the process of achieving and maintaining PCI DSS compliance through the use of pre-certified components.
Comment ça marche
Initialisation and Redirect
When a customer initiates a transaction, the merchant server sends a request to the payment gateway API. The gateway generates a unique session and returns a secure URL.
The merchant site then redirects the browser to this hosted environment, ensuring no card data enters the merchant infrastructure.
Payment Method Selection
The hosted page presents the available payment options based on the merchant configuration, customer location, and transaction currency.
The customer selects their preferred method, such as a scheme card or digital wallet, and enters the necessary credentials within the secure, governed frame of the payment provider.
Authentication and Authorisation
The system executes required security checks, including CVV verification and AVS. If mandated by PSD2 regulations, the interface triggers a 3DS challenge.
Once authenticated, the transaction request is routed through the acquirer to the issuer for authorisation, following standard clearing and settlement protocols.
Callback and Reconciliation
Following the issuer response, the hosted page redirects the customer back to the merchant site. Simultaneously, an asynchronous webhook is sent to the merchant server to update the order status.
This ensures that the transaction state is synchronised across both systems for accurate record keeping.
Pourquoi c'est important
Reduces PCI Compliance Scope
By utilising a hosted cashier, the merchant avoids direct contact with sensitive cardholder data. This allows for the use of simpler Self-Assessment Questionnaires, such as SAQ A, rather than more complex assessments required for direct API integrations.
It reduces the technical and operational overhead associated with maintaining a secure environment and performing regular vulnerability scans and audits.
Facilitates Global Expansion
A hosted checkout environment typically supports a wide range of alternative payment methods and local currencies without requiring the merchant to build individual integrations for each.
The service provider manages the underlying relationships with various local acquirers and schemes, allowing businesses to accept payments in multiple jurisdictions while maintaining a uniform reporting structure and settlement process.
Security and Maintenance
Hosted pages are updated by the provider to include the latest security patches, compliance requirements, and payment technologies.
This eliminates the need for the merchant to manually update their code when schemes mandate changes to 3DS specifications or when new regulatory requirements like PSD3 are introduced. It ensures the payment flow remains functional and compliant with minimal internal developer intervention.
Cas d'usage
High Volume Retailers
Large merchants prioritising rapid deployment across multiple regional storefronts use hosted pages to maintain a consistent payment experience while offloading the security risks associated with handling card data during peak traffic periods.
Cross Border E-commerce
Businesses expanding into international markets utilise hosted checkouts to instantly offer local payment methods and currency conversion, which are often pre-configured within the provider's global acquiring network.
SME and Boutique Brands
Smaller enterprises with limited technical resources favour this model to achieve secure, professional grade checkout functionality with minimal coding effort, ensuring focus remains on core business operations rather than infrastructure.
Subscription Based Services
Services requiring initial tokenisation of payment methods for recurring billing use hosted environments to securely capture and vault credentials before initiating subsequent merchant initiated transactions.
En chiffres
This represents a typical reduction in the volume of security controls a merchant must personally manage when moving from a direct API to a hosted redirect model.
Industry benchmarks suggest that hosted pages can be integrated multiple times faster than bespoke API integrations, depending on the complexity of the existing tech stack.
High performance gateways aim for processing times under two seconds, though total redirect time depends on the customer's network and the issuer's 3DS response speed.
Termes associés
Talk to our team about a live rollout on your acquiring stack.
What you get with Caisse de paiement
- La page de paiement hébergée et sécurisée réduit la charge de conformité PCI.
- Pré-construite et optimisée pour la conversion, nécessitant une configuration minimale.
- Prend en charge un large éventail de méthodes de paiement et de devises.
- Options de personnalisation de la marque pour un aspect et une convivialité cohérents.
- Mises à jour automatiques des nouvelles fonctionnalités et des normes de sécurité.
- Une infrastructure fiable et évolutive gère des volumes de transactions élevés.
- Handles complex routing and failover logic automatically to improve authorisation success rates
- Includes built in fraud prevention tools such as AVS and CVV verification requirements
- Reduces development time through pre-built templates and standardised API redirection protocols
- Supports secure tokenisation for subsequent recurring transactions and merchant initiated payments
A short scoping call, then a written plan for your MIDs.
Questions about Caisse de paiement
Comment la caisse de paiement réduit-elle la portée de la conformité PCI ?
La caisse de paiement redirige les clients vers une page hébergée par Cardflo pour le paiement, ce qui signifie que les données sensibles de la carte ne touchent jamais vos serveurs.
Cela réduit considérablement votre portée de conformité PCI, car Cardflo gère les exigences de sécurité et de conformité pour le stockage et la transmission des données de la carte. Les marchands bénéficient d'un effort d'audit réduit.
Puis-je personnaliser la page de caisse de paiement ?
Oui, bien qu'hébergée, la caisse de paiement de Cardflo offre des options de personnalisation. Vous pouvez appliquer votre marque, y compris les logos et les schémas de couleurs, pour vous assurer que la page correspond à l'identité visuelle de votre entreprise.
Cela crée une expérience cohérente pour vos clients, même sur une page redirigée.
La caisse de paiement est-elle adaptée aux utilisateurs mobiles ?
Oui, les pages de caisse de paiement de Cardflo sont conçues pour être entièrement réactives et optimisées pour divers appareils, y compris les smartphones et les tablettes.
L'interface utilisateur s'adapte dynamiquement aux tailles d'écran, garantissant une expérience de paiement fluide et conviviale pour tous les clients, quel que soit leur appareil d'accès.
What happens if a customer closes the window during the redirect?
If a customer terminates the session before the redirect is complete, the transaction remains in a pending or cancelled state. Systems typically use webhooks to notify the merchant server if a session expires or is abandoned.
The merchant's order management system should be configured to handle these status updates, either by allowing the customer to retry the payment or by automatically cancelling the order after a specific period of inactivity.
Is a hosted checkout suitable for mobile applications?
Hosted checkouts can be used in mobile applications, often through a web view or by opening the mobile browser. However, for a fully native experience, some providers suggest using SDKs.
The hosted page itself is usually designed with responsive web design principles to ensure it functions correctly on various screen sizes, providing a functional payment path for mobile users while maintaining the security benefits of a hosted environment.
How are alternative payment methods configured in the checkout?
Alternative payment methods like digital wallets or bank transfers are typically enabled at the PSP or gateway level. Once configured in the merchant's account, these options automatically appear on the hosted checkout page based on the transaction's parameters.
This allows merchants to dynamically offer relevant payment methods to different customer segments without needing to update the integration code on their own website.
What is the difference between a hosted page and an iFrame?
A hosted page involves a full redirect where the URL in the browser changes to the provider's domain. An iFrame embeds the payment form directly within the merchant's page, keeping the merchant's URL visible.
While both methods help reduce PCI scope, a full redirect is often considered easier to implement and provides a clear separation of environments, whereas an iFrame requires more careful handling to ensure it remains responsive and secure.
Prêt à accélérer ?
Parlez-nous de votre activité. Nous vous mettrons en relation avec les bons partenaires acquéreurs et la bonne route, généralement en moins d'une semaine.
