Hosted Payment Page

Ezypay's Hosted Payment Page (HPP) is an integration solution designed to collect payment method information from customers while maintaining PCI Compliance of your application.

The HPP is an iframe form embedded in your application to securely gather customer payment data. Upon submission, sensitive information is encrypted and sent to the Ezypay Vault directly, returning a payment method token. Link the token to a customer and use it for future billing. This token-based approach minimizes the PCI scope for your application.

Picture below shows how is the HPP looks like. Kindly proceed to next section if you wish to integrate with Ezypay HPP.

Ezypay offers a different version of HPP for South Korea implementation. Kindly proceed to Korean Hosted Payment Page if are interested in implementation for South Korea.

HPP is used for all payment method supported by Ezypay. It greatly simplifies integrators' efforts as they only require to develop one solution for all different payment methods. However, the payload for different type of payment methods are slightly different. Please refer to our Payment Method Payload section for further understanding.

PCI Compliance Scope Reduction

When cardholder data passes through your hosting environment, your systems fall within PCI compliance scope. Using the HPP ensures all payment method information is passed directly to the Vault, without going through your hosting environment and only return a token for future use.

This reduces the PCI compliance scope for integrators and simplifies development work. You must ensure no storage or logging of credit card information on your site or app.

Payment Method Validation

The HPP validates payment details before submission. If the input does not pass the validation, the form cannot be submitted and an error message is displayed, prompting customers to re-enter valid information. Validation checks include:

For cards

Field	Validation
Card Number	a. Number only b. Valid Card Number Format
Expiry Date	a. Card is not expired

Note: The form does not alert customers about cards nearing expiration but not yet expired.

For bank direct debit

Field	Validation
BSB Number	a. Number only b. Valid BSB Number
Account Number	a. Number only b. Maximum 15 digits

Field	Validation
Bank Number	a. Number only b. Must be 2 digits c. Valid Bank Number
Branch Number	a. Number only b. Must be 4 digits c. Valid Branch Number
Account Number	a. Number only b. Maximum 7 digits c. Valid account number
Suffix Number	a. Number only b. must be 2 or 3 digits

For wallet

Field	Validation
Phone Number	a. Number only b. Valid Philippines Phone number

For PayTo

Field	Validation
Phone Number (not required if email address or BSB number is provided)	a. Number only b. Valid Australia Phone number
Email Address (not required if phone number or BSB number is provided)	a. Valid email address format
BSB Number (not required if phone number or email address is provided)	a. Number only b. Valid BSB Number
Account Number (not required if phone number or email address is provided)	a. Number only b. Maximum 15 digits