A common requirement for customer service Interaction flows is providing options for users to perform payments using their credit cards. As part of our commitment to protecting sensitive customer information, the payment mechanism used by Jacada Interact ensures that credit card details are passed to the relevant payment gateway only. Credit card numbers (and other sensitive data) are never exposed to the Interact Servers. 

The flow involved in secure payment implementation is shown in the diagram below. The phases of the flow are explained in the sections below the figure.

Phase 1: Sending Credit Card Information

The flow begins from the Payment page of the Interaction, on which customers are asked to make a payment. Instead of sending the information entered on the Payment page to the Interact Server, the information is routed directly to the payment gateway, using an application extension

Phase 2: Obtaining a Credit Card Token

The payment gateway processes the information received and performs validity checks. If the data is found to be valid, a credit card token is returned to the Interact client. This token can be used for the current transaction only.

Phase 3: Storing the Token in a Variable

The credit card token is stored in an Interact user variable, using the setVariable API. This variable will be used for the Integration Point that is needed in Phase 4 of the flow. 

Note: The first three phases of the flow are handled by the client extension. For more details, refer to Understanding Payment Application Extensions.

Phase 4: Performing the Payment

The charge operation is performed via an Integration Point that invokes the charging service of the relevant payment gateway. The credit card token (obtained in Phase 2) and a special secret key (provided by the payment gateway) are passed in the Integration Point. The secret key is not visible from outside of the Interact Server.

The following sections present more detailed information about the components of the payment flow, so you can customize each one to the needs of your organization: