Wednesday, April 15, 2015

Payer Site Embedding with Server Side Programming

The payer site your customers use to make payments and view their account history is usually a separate web site hosted from www.billandpay.com.

If your business has a web site and you would like the payer site to appear to be a part of your web site you can use the "Embed Payer Site" feature.

How it Works


This part is a little bit technical. You will have to create a scripted page on your web site that can dynamically create a web page that embeds the payer site in it. If you are not familiar with server scripting for web sites we recommend you forward this page to a web developer that can do this work for you.

The Technical Details


You will need to create a scripted page on your web site that accepts a parameter called "url" and then generates a web page that includes an <iframe> element with the "src" property set to the value passed in the "url" parameter.

Here is a minimal example in PHP:

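<?php
// Frame only https URLs on the payer site's domain (assumed to be billandpay.com;
// confirm with customer service) and escape the value for the src attribute.
$url = isset($_GET['url']) && is_string($_GET['url']) ? $_GET['url'] : '';
if (!preg_match('~^https://(?:[a-z0-9-]+\.)*billandpay\.com(?:[/?#]|\z)~i', $url)) {
    http_response_code(400);
    exit('Invalid url parameter.');
}
$src = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
echo "<html>
    <head>
        <title>Payer Site Embedding Example</title>
    </head>
    <body>
        <iframe src='{$src}' style='width: 800px; height: 600px; border: none;'></iframe>
    </body>
</html>";
?>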

You would add HTML to this minimal example to surround the <iframe> tag with the appearance from your web site that you want. Once you have created the necessary script on your web site you need to let customer service know that you want to enable payer site embedding and let us know the URL of the embedding script on your server.

Why a URL Parameter?


Bill & Pay sends unique URLs in each of the emails sent to your customers. These URLs are customized for each customer and for the invoice the email pertains to so that when they click on the URL in the email they are taken to the correct payment page. That is why you must accept the 'url' parameter and make it the 'src' of the <iframe> tag.
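Because the embedding script frames whatever arrives in the 'url' parameter, it should confirm the value is a payer site URL before using it. The following is an added example, not Bill & Pay's code; the names payer_embed_src, payer_embed_demo and ALLOWED_DOMAIN are hypothetical, and the allowed domain is assumed from the payer site host mentioned above.

```php
<?php
// Added example, not Bill & Pay's code. The allowed domain is an assumption
// taken from the payer site host named on this page; confirm it before use.
const ALLOWED_DOMAIN = 'billandpay.com';

// Return $raw if it is an https URL on the allowed domain, otherwise null.
// Matching the raw string refuses backslashes, userinfo and ports in the host.
function payer_embed_src($raw): ?string
{
    if (!is_string($raw) || strlen($raw) > 2048) {
        return null;
    }
    $pattern = '~^https://(?:[a-z0-9-]+\.)*' . preg_quote(ALLOWED_DOMAIN, '~')
             . '(?:[/?#][\x21-\x7e]*)?\z~i';
    return preg_match($pattern, $raw) === 1 ? $raw : null;
}

// Constructed sample inputs mapped to the validator's decision.
function payer_embed_demo(): array
{
    $samples = [
        'https://www.billandpay.com/pay?invoice=EXAMPLE', // payer site over https
        'http://www.billandpay.com/pay',                   // plain http
        'https://www.billandpay.com.example.net/',         // lookalike host
        'https://example.net\\@www.billandpay.com/',       // parser disagreement
        "https://www.billandpay.com/' x='y",               // quote and space
        'javascript:void(0)',                              // not an https URL
    ];
    $out = [];
    foreach ($samples as $s) {
        $out[$s] = payer_embed_src($s) === null ? 'reject' : 'accept';
    }
    return $out;
}

if (PHP_SAPI === 'cli') {
    foreach (payer_embed_demo() as $url => $verdict) {
        printf("%-6s %s\n", $verdict, $url);
    }
} else {
    $src = payer_embed_src($_GET['url'] ?? null);
    if ($src === null) {
        http_response_code(400);
        exit('Invalid url parameter.');
    }
    // Defense in depth: the browser refuses to frame any other origin.
    $d = ALLOWED_DOMAIN;
    header("Content-Security-Policy: frame-src https://$d https://*.$d");
    echo "<iframe src='" . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . "'></iframe>";
}
```

Run from the command line, the script prints the decision for each sample; served by a web server, it emits only the validated iframe, which you would surround with your own page markup.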

Site Encryption


Even when the payer site is embedded inside your web site, all payment and account information will be secured using encryption between the payer's computer and Bill & Pay's web server. It is the same level of security as is used when the payer site is not embedded.

However, the appearance of the security indicators in the payer's browser will be different. First, let's look at what the generic login page on the payer site looks like when it is not embedded:

Generic login page on the payer site when not embedded.

You will notice the green area in the address bar that has a lock icon and says "SkyHill Software Incorporated (US)". SkyHill Software, Inc. is the company that created and operates the Bill & Pay service. This green area informs visitors to the site that the site is secure and tells them who they are communicating with. They can click the green area and verify the identity of the web site they are communicating with:



When you embed the payer site in your web site, these security indicators enabled by the Bill & Pay server will no longer be displayed in the payer's web browser. Here is an example of a web site that embeds the payer site and has no encryption enabled:


To the payer it appears there is no encryption used for logging in to Bill & Pay because the web page that is embedding the payer site does not employ encryption. In fact, the Bill & Pay session on this page is completely secure and encrypted.

Embedded payer site on web site with no encryption.

Because of this, we recommend installing a security certificate on your web site's server so that the page that embeds the payer site is also served over an encrypted connection. This will not add any additional security to the payer site, but it will visually reassure your customers that their payments are secure. It also protects your embedding page, which decides what the frame loads, from being altered in transit.

