Hosted Payment Page

Ezypay's Hosted Payment Page is an integration solution designed to collect payment method information from customers while maintaining PCI Compliance for your application.

The Hosted Payment Page is an iframe form embedded in your application to securely gather customer payment data. Upon submission, sensitive information is sent to the Ezypay Vault directly, returning a payment method token. Link the token to a customer and use it for future billing. This token-based approach minimizes the PCI scope for your application.

Hosted Payment Page is used for all payment methods supported by Ezypay unless specified otherwise. It greatly simplifies integrators' efforts as they're only required to develop one solution for all Ezypay-supported payment methods.

PCI compliance scope reduction

When cardholder data passes through your hosting environment, your systems fall within PCI compliance scope. Using the Hosted Payment Page ensures all payment method information is passed directly to the Ezypay Vault without going through your hosting environment - returning only a token for future use.

This reduces the PCI compliance scope for integrators and simplifies development work. You must ensure no storage or logging of card information on your site or app.

Payment method validation

The Hostee Payment Page validates payment details before submission. If the input does not pass the validation, the form cannot be submitted and an error message is displayed, prompting customers to re-enter valid information. Validation checks include:

For cards

Field	Validation
Card Number	a. Number only b. Valid Card Number Format
Expiry Date	a. Card is not expired

Note: The form does not alert customers about cards nearing expiration but not yet expired.

For bank direct debit

Field	Validation
BSB Number	a. Number only b. Valid BSB Number
Account Number	a. Number only b. Maximum 15 digits

Field	Validation
Bank Number	a. Number only b. Must be 2 digits c. Valid Bank Number
Branch Number	a. Number only b. Must be 4 digits c. Valid Branch Number
Account Number	a. Number only b. Maximum 7 digits c. Valid account number
Suffix Number	a. Number only b. must be 2 or 3 digits

For wallet

Field	Validation
Phone Number	a. Number only b. Valid Philippines Phone number

For PayTo

Field	Validation
Phone Number (not required if email address or BSB number is provided)	a. Number only b. Valid Australia Phone number
Email Address (not required if phone number or BSB number is provided)	a. Valid email address format
BSB Number (not required if phone number or email address is provided)	a. Number only b. Valid BSB Number
Account Number (not required if phone number or email address is provided)	a. Number only b. Maximum 15 digits

Page content and customisation

The Hosted Payment Page dynamically adjusts content based on the customer's country, displaying only supported payment methods. Custom styling and branding are currently not supported. Recommended iframe sizes are:

Width: 100%
Height: No less than 256 px (use dynamic sizing)
Font size: Dynamic, auto-scaling with the iframe size