收銀台結帳
Cardflo 的收銀台結帳提供託管支付頁面解決方案,將客戶重定向到安全、Cardflo 品牌或聯合品牌的支付環境。 這種方法顯著降低了商戶的 PCI 合規範圍,同時提供了強大、功能豐富的支付體驗。
它適用於優先考慮安全性並以最少的開發開銷快速部署的業務。
- 類別
- 結帳
- 功能數
- 10
- 適用於
- 所有方案
概覽
A cashier checkout functions as a hosted payment environment where the customer is redirected from the merchant site to a secure interface managed by a payment service provider.
This architectural choice places the burden of sensitive data capture on the acquirer or gateway infrastructure, effectively isolating the merchant from primary cardholder data.
By utilising a hosted page, businesses can facilitate transactions via various methods including credit cards, digital wallets, and alternative payment methods without the development complexity of bespoke integrations.
The system handles the entire authorisation flow, including the execution of Strong Customer Authentication and 3DS protocols, before returning the customer to the merchant site with a success or failure notification.
This model is common for businesses that require high security and minimal data handling, as it simplifies the process of achieving and maintaining PCI DSS compliance through the use of pre-certified components.
運作方式
Initialisation and Redirect
When a customer initiates a transaction, the merchant server sends a request to the payment gateway API. The gateway generates a unique session and returns a secure URL.
The merchant site then redirects the browser to this hosted environment, ensuring no card data enters the merchant infrastructure.
Payment Method Selection
The hosted page presents the available payment options based on the merchant configuration, customer location, and transaction currency.
The customer selects their preferred method, such as a scheme card or digital wallet, and enters the necessary credentials within the secure, governed frame of the payment provider.
Authentication and Authorisation
The system executes required security checks, including CVV verification and AVS. If mandated by PSD2 regulations, the interface triggers a 3DS challenge.
Once authenticated, the transaction request is routed through the acquirer to the issuer for authorisation, following standard clearing and settlement protocols.
Callback and Reconciliation
Following the issuer response, the hosted page redirects the customer back to the merchant site. Simultaneously, an asynchronous webhook is sent to the merchant server to update the order status.
This ensures that the transaction state is synchronised across both systems for accurate record keeping.
為何重要
Reduces PCI Compliance Scope
By utilising a hosted cashier, the merchant avoids direct contact with sensitive cardholder data. This allows for the use of simpler Self-Assessment Questionnaires, such as SAQ A, rather than more complex assessments required for direct API integrations.
It reduces the technical and operational overhead associated with maintaining a secure environment and performing regular vulnerability scans and audits.
Facilitates Global Expansion
A hosted checkout environment typically supports a wide range of alternative payment methods and local currencies without requiring the merchant to build individual integrations for each.
The service provider manages the underlying relationships with various local acquirers and schemes, allowing businesses to accept payments in multiple jurisdictions while maintaining a uniform reporting structure and settlement process.
Security and Maintenance
Hosted pages are updated by the provider to include the latest security patches, compliance requirements, and payment technologies.
This eliminates the need for the merchant to manually update their code when schemes mandate changes to 3DS specifications or when new regulatory requirements like PSD3 are introduced. It ensures the payment flow remains functional and compliant with minimal internal developer intervention.
應用案例
High Volume Retailers
Large merchants prioritising rapid deployment across multiple regional storefronts use hosted pages to maintain a consistent payment experience while offloading the security risks associated with handling card data during peak traffic periods.
Cross Border E-commerce
Businesses expanding into international markets utilise hosted checkouts to instantly offer local payment methods and currency conversion, which are often pre-configured within the provider's global acquiring network.
SME and Boutique Brands
Smaller enterprises with limited technical resources favour this model to achieve secure, professional grade checkout functionality with minimal coding effort, ensuring focus remains on core business operations rather than infrastructure.
Subscription Based Services
Services requiring initial tokenisation of payment methods for recurring billing use hosted environments to securely capture and vault credentials before initiating subsequent merchant initiated transactions.
數據概覽
This represents a typical reduction in the volume of security controls a merchant must personally manage when moving from a direct API to a hosted redirect model.
Industry benchmarks suggest that hosted pages can be integrated multiple times faster than bespoke API integrations, depending on the complexity of the existing tech stack.
High performance gateways aim for processing times under two seconds, though total redirect time depends on the customer's network and the issuer's 3DS response speed.
相關術語
Talk to our team about a live rollout on your acquiring stack.
What you get with 收銀台結帳
- 安全的託管支付頁面減少了 PCI 合規負擔。
- 預建且經過優化以實現轉換,只需最少的設置。
- 支援廣泛的支付方式和貨幣。
- 可定制的品牌選項,提供一致的外觀和感覺。
- 自動更新新功能和安全標準。
- 可靠且可擴展的基礎設施可處理高交易量。
- Handles complex routing and failover logic automatically to improve authorisation success rates
- Includes built in fraud prevention tools such as AVS and CVV verification requirements
- Reduces development time through pre-built templates and standardised API redirection protocols
- Supports secure tokenisation for subsequent recurring transactions and merchant initiated payments
A short scoping call, then a written plan for your MIDs.
Questions about 收銀台結帳
收銀台結帳如何降低 PCI 合規範圍?
收銀台結帳將客戶重定向到 Cardflo 託管的支付頁面,這意味著敏感的卡數據永遠不會接觸您的伺服器。 這顯著減少了您的 PCI 合規範圍,因為 Cardflo 負責卡數據存儲和傳輸的安全和合規要求。
商戶受益於審計工作的減少。
我可以定制收銀台結帳頁面嗎?
是的,儘管是託管的,Cardflo 的收銀台結帳提供定制選項。 您可以應用您的品牌,包括徽標和配色方案,以確保頁面與您公司的視覺形象保持一致。
這為您的客戶創造了統一的體驗,即使是在重定向頁面上。
收銀台結帳適用於移動用戶嗎?
是的,Cardflo 的收銀台結帳頁面設計成完全響應式並針對各種設備進行了優化,包括智能手機和平板電腦。
用戶界面會根據屏幕尺寸動態調整,確保所有客戶無論其訪問設備如何,都能獲得流暢且用戶友好的支付體驗。
What happens if a customer closes the window during the redirect?
If a customer terminates the session before the redirect is complete, the transaction remains in a pending or cancelled state. Systems typically use webhooks to notify the merchant server if a session expires or is abandoned.
The merchant's order management system should be configured to handle these status updates, either by allowing the customer to retry the payment or by automatically cancelling the order after a specific period of inactivity.
Is a hosted checkout suitable for mobile applications?
Hosted checkouts can be used in mobile applications, often through a web view or by opening the mobile browser. However, for a fully native experience, some providers suggest using SDKs.
The hosted page itself is usually designed with responsive web design principles to ensure it functions correctly on various screen sizes, providing a functional payment path for mobile users while maintaining the security benefits of a hosted environment.
How are alternative payment methods configured in the checkout?
Alternative payment methods like digital wallets or bank transfers are typically enabled at the PSP or gateway level. Once configured in the merchant's account, these options automatically appear on the hosted checkout page based on the transaction's parameters.
This allows merchants to dynamically offer relevant payment methods to different customer segments without needing to update the integration code on their own website.
What is the difference between a hosted page and an iFrame?
A hosted page involves a full redirect where the URL in the browser changes to the provider's domain. An iFrame embeds the payment form directly within the merchant's page, keeping the merchant's URL visible.
While both methods help reduce PCI scope, a full redirect is often considered easier to implement and provides a clear separation of environments, whereas an iFrame requires more careful handling to ensure it remains responsive and secure.
