18 July 2011
Over the past several years, PCI DSS has prompted quite a bit of change on the web in credit card processing. There is much to be read on the topic; though, in short, since 2004 a consortium of credit card companies have established the governing standard for how merchants must deal with credit cards online. Achieving compliance, however, can be quite costly.
Enter Braintree, a service based payment solution providing a merchant account, your processing gateway, and recurring billing on a single platform. By externalizing the credit card surface area within your application, Braintree’s unique Transparent Redirect technology allows you to preserve the sales experience within the context of your site while alleviating the hurdles associated with achieving PCI compliance.
In concert with the Braintree's Vault, Transparent Redirect enables developers to productively integrate recurring subscription billing. To remotely create customers within the vault using transparent redirect, call the create customer data method to embed the redirect data within the form as a hidden field.
class PaymentController < ApplicationController def signup @tr_data = Braintree::TransparentRedirect.create_customer_data( :redirect_url => "http://example.com/payment/confirm" ) end end
This data field will include the callback location to your confirmation action to be invoked after sensitive credit card data has been externalized to Braintree in the initial remote form post.
<%= form_tag Braintree::TransparentRedirect.url, :method => :post do %> <%= hidden_field_tag "tr_data", @tr_data %> <%= text_field_tag "customer[credit_card][number]" %> <%= text_field_tag "customer[credit_card][expiration_date]" %> <% end %>
In your confirmation callback action, the customer record can be confirmed using the query string parameter below. The result will contain the identifier tokens which represent the remote customer and credit card, respectively.
result = Braintree::TransparentRedirect.confirm(request.query_string) customer_id = result.customer.id payment_token = result.customer.credit_cards.token
Lastly, to establish a recurring subscription associated with the remote credit card, use the payment token along with the selected plan.
result = Braintree::Subscription.create( :payment_method_token => payment_token, :plan_id => "super_awesome_plan" )
Braintree's innovative approach to externalizing credit card information through transparent redirection takes the pain out of PCI compliance while preserving the user experience within the context of your site. Braintree is paving the way in today’s demanding world of web based credit card processing. Use them.