Hosted Payment Page
Ezypay's Hosted Payment Page (HPP) is an integration solution designed to collect payment method information from customers while maintaining PCI Compliance of your application.
The HPP is an iframe
form embedded in your application to securely gather customer payment data. Upon submission, sensitive information is encrypted and sent to the Ezypay Vault directly, returning a payment method token. Link the token to a customer and use it for future billing. This token-based approach minimizes the PCI scope for your application.
Picture below shows how is the HPP looks like. Kindly proceed to next section if you wish to integrate with Ezypay HPP.
Ezypay offers a different version of HPP for South Korea implementation. Kindly proceed to Korean Hosted Payment Page if are interested in implementation for South Korea.
HPP is used for all payment method supported by Ezypay. It greatly simplifies integrators' efforts as they only require to develop one solution for all different payment methods. However, the payload for different type of payment methods are slightly different. Please refer to our Payment Method Payload section for further understanding.
PCI Compliance Scope Reduction
When cardholder data passes through your hosting environment, your systems fall within PCI compliance scope. Using the HPP ensures all payment method information is passed directly to the Vault, without going through your hosting environment and only return a token for future use.
This reduces the PCI compliance scope for integrators and simplifies development work. You must ensure no storage or logging of credit card information on your site or app.
Payment Method Validation
The HPP validates payment details before submission. If the input does not pass the validation, the form cannot be submitted and an error message is displayed, prompting customers to re-enter valid information. Validation checks include:
For cards
Field | Validation |
---|---|
Card Number | a. Number only b. Valid Card Number Format |
Expiry Date | a. Card is not expired |
Note: The form does not alert customers about cards nearing expiration but not yet expired.
For bank direct debit
AU
Field | Validation |
---|---|
BSB Number | a. Number only b. Valid BSB Number |
Account Number | a. Number only b. Maximum 15 digits |
NZ
Field | Validation |
---|---|
Bank Number | a. Number only b. Must be 2 digits c. Valid Bank Number |
Branch Number | a. Number only b. Must be 4 digits c. Valid Branch Number |
Account Number | a. Number only b. Maximum 7 digits c. Valid account number |
Suffix Number | a. Number only b. must be 2 or 3 digits |
For wallet
Field | Validation |
---|---|
Phone Number | a. Number only b. Valid Philippines Phone number |
For PayTo
Field | Validation |
---|---|
Phone Number (not required if email address or BSB number is provided) | a. Number only b. Valid Australia Phone number |
Email Address (not required if phone number or BSB number is provided) | a. Valid email address format |
BSB Number (not required if phone number or email address is provided) | a. Number only b. Valid BSB Number |
Account Number (not required if phone number or email address is provided) | a. Number only b. Maximum 15 digits |
Updated about 2 months ago