Transcription
Title PageSecure Acceptance Checkout APIIntegration GuideAugust 2019DeprecatedCyberSource Corporation HQ P.O. Box 8999 San Francisco, CA 94128-8999 Phone: 800-530-9095
CyberSource Contact InformationFor general information about our company, products, and services, go tohttp://www.cybersource.com.For sales questions about any CyberSource Service, email sales@cybersource.com orcall 650-432-7350 or 888-330-2300 (toll free in the United States).For support information about any CyberSource Service, visit the Support Center:http://www.cybersource.com/supportCopyright 2019 CyberSource Corporation. All rights reserved. CyberSource Corporation ("CyberSource") furnishes thisdocument and the software described in this document under the applicable agreement between the reader ofthis document ("You") and CyberSource ("Agreement"). You may use this document and/or software only inaccordance with the terms of the Agreement. Except as expressly set forth in the Agreement, the informationcontained in this document is subject to change without notice and therefore should not be interpreted in any wayas a guarantee or warranty by CyberSource. CyberSource assumes no responsibility or liability for any errorsthat may appear in this document. The copyrighted software that accompanies this document is licensed to Youfor use only in strict accordance with the Agreement. You should read the Agreement carefully before using thesoftware. Except as permitted by the Agreement, You may not reproduce any part of this document, store thisdocument in a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical,recording, or otherwise, without the prior written consent of CyberSource.Restricted Rights LegendsFor Government or defense agencies. Use, duplication, or disclosure by the Government or defense agenciesis subject to restrictions as set forth the Rights in Technical Data and Computer Software clause at DFARS252.227-7013 and in similar clauses in the FAR and NASA FAR Supplement.For civilian agencies. Use, reproduction, or disclosure is subject to restrictions set forth in subparagraphs (a)through (d) of the Commercial Computer Software Restricted Rights clause at 52.227-19 and the limitations setforth in CyberSource Corporation's standard commercial agreement for this software. Unpublished rightsreserved under the copyright laws of the United States.TrademarksAuthorize.Net, eCheck.Net, and The Power of Payment are registered trademarks of CyberSource Corporation.CyberSource, CyberSource Payment Manager, CyberSource Risk Manager, CyberSource Decision Manager,and CyberSource Connect are trademarks and/or service marks of CyberSource Corporation.All other brands and product names are trademarks or registered trademarks of their respective owners.2
CONTENTSContentsRecent Revisions to This DocumentAbout This Guide68Audience and PurposeWeb Site Requirements88Conventions 9Note, Important, and Warning StatementsText and Command Conventions 9Related DocumentsCustomer SupportChapter 11011Using Secure Acceptance Checkout APIRequired Browsers91213Secure Acceptance Profile13Secure Acceptance Transaction Flow14Payment Tokens 15Tokens That Represent a Card or Bank Account OnlySubscription PaymentsLevel II and III Data1617BIN Lookup 17Requirement 17Requesting BIN LookupPayouts1718Go-Live with Secure AcceptanceChapter 21518Creating a Checkout API Profile19Configuring Payment Methods 20Adding a Card Type 20Enabling Payer Authentication 21Adding a Currency 22Enabling Automatic Authorization ReversalsSecure Acceptance Checkout API Integration Guide August 2019233
ContentsEnabling Japanese Payment Options 23Enabling eChecks 24Enabling PayPal Express Checkout 24Enabling the Service Fee 26Creating a Security Key27Receiving Merchant Notifications28Sending a Customer Receipt 30Customer Notification Details 30Company Logo 31Custom Email Receipt 31Displaying a Response Page 32Transaction Response Page 32Activating a Profile 33Additional Options for a Profile33Samples in Scripting Languages 33Sample Transaction Process Using JSPChapter 3Updating a Secure Acceptance ProfileChapter 4Processing TransactionsPayment Token TransactionPayment Card 43Installment Payments3738Creating a Payment TokenPayment Card 39eCheck 41Recurring Payments38434749Updating a Payment TokenPayment Card 51eCheck 5351Chapter 5Using Decision ManagerChapter 6Testing and Viewing TransactionsTesting Transactions3537Endpoints and Transaction TypesRequired Signed Fields34555757Viewing Transactions in the Business CenterSecure Acceptance Checkout API Integration Guide August 2019584
ContentsAppendix A API Fields60Data Type DefinitionsRequest FieldsReply Fields606199Reason Codes137Types of Notifications140AVS Codes 141International AVS Codes 141U.S. Domestic AVS Codes 141CVN Codes143Appendix B American Express SafeKey Response CodesAppendix C Iframe ImplementationClickjacking Prevention144145145Iframe Transaction Endpoints146Appendix D Visa Secure Response CodesSecure Acceptance Checkout API Integration Guide August 20191475
ReleaseChangesAugust 2019Deprecated this guide because it contains procedures for the Classic Business Center. Forprocedures in the New Business Center, see Secure Acceptance Checkout API IntegrationGuide (PDF HTML).REVISIONSRecent Revisions to ThisDocumentAdded required browsers. See "Required Browsers," page 13.Updated the description for the reason code reply field. See reason code, page 120.Added an important note about iframes. See Appendix C, "Iframe Implementation," onpage 145.July 2019Updated transaction flow. See "Secure Acceptance Transaction Flow," page 14.Added list of required signed fields. See "Required Signed Fields," page 38.Added the override customer utc offset request field. See override customer utc offset,page 85.June 2019Changed the name of Mastercard SecureCode to Mastercard Identity Check.Changed the name of Verified by Visa to Visa Secure.Removed the card types Nicos and Orico.Secure Acceptance Checkout API Integration Guide August 20196
Recent Revisions to This DocumentReleaseChangesMay 2019Updated information about payer authentication. See "Enabling Payer Authentication,"page 21.Added the following payer authentication request fields for 3D Secure. See "Request Fields,"page 61. payer authentication challenge code payer authentication customer daily transaction count payer authentication customer annual transaction count payer authentication marketing source payer authentication mobile phone payer authentication new customer payer authentication pre order payer authentication pre order date payer authentication recurring end date payer authentication recurring frequency payer authentication reorder payer authentication ship to address first used payer authentication transaction modeUpdated the following request fields. See "Request Fields," page 61.bill to address state submerchant state Added the following payer authentication reply fields for 3D Secure. See "Reply Fields,"page 99. auth cavv result auth cavv result raw payer authentication specification version payer authentication transaction idUpdated the following reply fields. See "Reply Fields," page 99. payer authentication proof xml req bill to address state req submerchant stateAdded Appendix B, "American Express SafeKey Response Codes," on page 144 andAppendix D, "Visa Secure Response Codes," on page 147.February 2019Added the reply field bill trans ref no. See bill trans ref no, page 102.December 2018Added information about TMS and third-party tokens. See "Tokens That Represent a Card orBank Account Only," page 15.Updated an Important note. See "Company Logo," page 31.Updated the permitted characters for the ASCIIAlphaNumericPunctuation data type. See"Data Type Definitions," page 60.Updated the descriptions for the jpo installments and jpo payment method request fields.See jpo installments, page 82 and jpo payment method, page 82.Updated the name of reply field req jpo payment installments to req jpo installments.See req jpo installments, page 128.Updated the description for the auth trans ref no reply field. See auth trans ref no,page 102.Secure Acceptance Checkout API Integration Guide August 20197
ABOUT GUIDEAbout This GuideAudience and PurposeThis guide is written for merchants who want to customize and control their own customercheckout experience, including receipt and response pages. After the customization, youwill have full control to store and control customer information before sending it toCyberSource to process transactions, and to use the Business Center to review andmanage all of your orders.Using the Secure Acceptance Checkout API requires moderate scripting skills. You mustcreate a security script and modify your HTML form to pass order information toCyberSource.Web Site RequirementsYour web site must meet the following requirements: It must have a shopping-cart or customer order creation software. It must contain product pages in one of the supported scripting languages. See"Samples in Scripting Languages," page 33. The IT infrastructure must be Public Key Infrastructure (PKI) enabled to useSSL-based form POST submissions. The IT infrastructure must be capable of digitally signing customer data prior tosubmission to Secure Acceptance.Secure Acceptance Checkout API Integration Guide August 20198
About This GuideConventionsNote, Important, and Warning StatementsA Note contains helpful suggestions or references to material not contained inthe document.NoteAn Important statement contains information essential to successfullycompleting a task or learning a concept.ImportantWarningA Warning contains information or instructions, which, if not heeded, can resultin a security risk, irreversible loss of data, or significant cost in time or revenueor both.Text and Command ConventionsConventionUsageBold Field and service names in text; for example:Include the transaction type field. Items that you are instructed to act upon; for example:Click Save.Screen text Code examples and samples. Text that you enter in an API environment; for example:Set the transaction type field to create paymenttoken.Secure Acceptance Checkout API Integration Guide August 20199
About This GuideRelated DocumentsRefer to the Support Center for complete CyberSource technical documentation:http://www.cybersource.com/support center/support documentationTable 1Related DocumentsSubjectDescriptionBusiness CenterBusiness Center User Guide—describes how to use the New BusinessCenter.DecisionManagerThe following documents describe how to integrate and use the DecisionManager services.Electronic checks Decision Manager Using the SCMP API Developer Guide (PDF HTML) Decision Manager Using the Simple Order API Developer Guide (PDF HTML)The following documents describe how to integrate and use the electroniccheck services: Electronic Check Services Using the SCMP API (PDF HTML) Electronic Check Services Using the Simple Order API (PDF HTML)Level II andLevel IIILevel II and Level III Processing Using Secure Acceptance (PDF HTML)—describes each Level II and Level III field and processing Level II and LevelIII transactions using Secure Acceptance.PayerAuthenticationThe following documents describe how to integrate and use the payerauthentication services:Payment cards Payer Authentication Using the SCMP API (PDF HTML) Payer Authentication Using the Simple Order API (PDF HTML)The following documents describe how to integrate payment cardprocessing into an order management system: Credit Card Services Using the SCMP API (PDF HTML) Credit Card Services Using the Simple Order API (PDF HTML)Payment securitystandardsPayment Card Industry Data Security Standard (PCI DSS)—web site offersstandards and supporting materials to enhance payment card data security.PayPal ExpressCheckoutThe following documents describe how to integrate and use the PayPalExpress Checkout services:Recurring Billing PayPal Express Checkout Services Using the SCMP API (PDF HTML) PayPal Express Checkout Services Using the Simple Order API (PDF HTML).The following documents describe how to create customer subscriptionsand use payment tokens for recurring and installment payments: Recurring Billing Using the Business Center (PDF HTML) Recurring Billing Using the SCMP API (PDF HTML) Recurring Billing Using the Simple Order API (PDF HTML)Secure Acceptance Checkout API Integration Guide August 201910
About This GuideTable 1Related Documents (Continued)SubjectDescriptionReportingBusiness Center Reporting User Guide—describes how to view andconfigure custom reports using the New Business Center.Service FeesSecure Acceptance Checkout API Service Fee Guide (PDF)—describeshow to process a transaction with the service fee included.SecureAcceptanceThe following documents describe how to create a Secure Acceptanceprofile and render the Secure Acceptance Hosted Checkout, along withprocessing a transaction with the service fee included: Third-partytokensTokenManagementServiceSecure Acceptance Hosted Checkout Integration Guide (PDF HTML)The following documents describe how to create tokens with a third-partyprovider and are available from CyberSource Customer Support: Tokenization with a Third-Party Provider Using the SCMP API Tokenization with a Third-Party Provider Using the Simple Order APIThe following documents describe how to integrate and use the tokenmanagement service: Token Management Service Using the SCMP API (PDF HTML) Token Management Service Using the Simple Order API (PDF HTML)Customer SupportFor support information about any CyberSource service, visit the Support Center:http://www.cybersource.com/supportSecure Acceptance Checkout API Integration Guide August 201911
CHAPTERUsing Secure AcceptanceCheckout API1Secure Acceptance Checkout API was previously called Secure AcceptanceSilent Order POST.NoteCyberSource Secure Acceptance Checkout API provides a seamless customer checkoutexperience that keeps your branding consistent. You can create a Secure AcceptanceCheckout API profile and configure the required settings to set up your customer checkoutexperience.Secure Acceptance Checkout API can significantly reduce your Payment Card IndustrySecurity Standard (PCI DSS) obligations by sending payment data directly from yourcustomer’s browser to CyberSource servers. Your web application infrastructure does notcome into contact with the payment data and the transition is silent.WarningSecure Acceptance is designed to process transaction requests directly fromthe customer browser so that sensitive payment data does not pass throughyour servers. If you do intend to send payment data from your servers, use theSOAP Toolkit API or the Simple Order API. Sending server-side paymentsusing Secure Acceptance incurs unnecessary overhead and could result in thesuspension of your Secure Acceptance profile and subsequent failure oftransactions.To create your customer checkout experience you will take these steps:1Create and configure Secure Acceptance Checkout API profiles.2Update the code on your web site to POST payment data directly to CyberSource fromyour secure payment form (see "Sample Transaction Process Using JSP," page 34).CyberSource processes the transaction on your behalf by sending an approval request toyour payment processor in real time. See "Secure Acceptance Transaction Flow,"page 14.3Use the reply information to generate an appropriate transaction response page to displayto the customer. You can view and manage all orders in the Business Center. You canconfigure the payment options, response pages, and customer notifications. See"Creating a Checkout API Profile," page 19.Secure Acceptance Checkout API Integration Guide August 201912
Chapter 1Using Secure Acceptance Checkout APIRequired BrowsersThe following browsers are required to ensure the Secure Acceptance checkout flow isfast and secure:Desktop browsers: IE 10 or later Edge 13 or later Firefox 42 or later Chrome 48 or later Safari 7.1 or later Opera 37 or laterMobile browsers: iOS Safari 7.1 or later Android Browser 4.4 or later Chrome Mobile 48 or laterSecure Acceptance ProfileA Secure Acceptance profile consists of settings that you configure to create a customercheckout experience. You can create and edit multiple profiles, each offering a customcheckout experience. For example, you might want to offer different payment options fordifferent geographic locations.Secure Acceptance Checkout API Integration Guide August 201913
Chapter 1Using Secure Acceptance Checkout APISecure Acceptance Transaction FlowThe Secure Acceptance Checkout API transaction flow is illustrated in Figure 1 anddescribed below.Figure 14Display the checkout page on your customer’s browser with a form to collect their paymentinformation and include a signature to validate their order information (signed data fields).Warning5Secure Acceptance Checkout API Transaction FlowYour system should sign only Secure Acceptance request fields. To preventmalicious actors from impersonating CyberSource, do not allow unauthorizedaccess to the signing function.The customer enters and submits their payment details (the unsigned data fields). Thetransaction request message, the signature, and the signed and unsigned data fields aresent directly from your customer’s browser to the CyberSource servers. The unsigneddata fields do not pass through your network.CyberSource reviews and validates the transaction request data to confirm it has not beenamended or tampered with and that it contains valid authentication credentials.CyberSource processes the transaction and creates and signs the reply message. Thereply message is sent to the customer’s browser as an automated HTTPS form POST.If the reply signature in the reply field does not match the signature calculatedbased on the reply data, treat the POST as malicious and disregard it.WarningSecure Acceptance signs every response field. Ignore any reply fields in thePOST that are not in the signed fields field.Secure Acceptance Checkout API Integration Guide August 201914
Chapter 16Using Secure Acceptance Checkout APIThe reply HTTPS POST data contains the transaction result in addition to the maskedpayment data that was collected outside of your domain. Validate the reply signature toconfirm that the reply data has not been amended or tampered with.If the transaction type is sale, it is immediately submitted for settlement. If the transactiontype is authorization, use the CyberSource Simple Order API to submit a capture requestwhen goods are shipped.7CyberSource recommends implementing the merchant POST URL notification (see"Receiving Merchant Notifications," page 28) as a backup means of determining thetransaction result. This method does not rely on your customer’s browser. You receive thetransaction result even if your customer lost connection after confirming the payment.Payment TokensImportantContact CyberSource Customer Support to activate your merchant account forthe use of the payment tokenization services. You cannot use paymenttokenization services until your account is activated and you have enabledpayment tokenization for Secure Acceptance (see "Creating a Checkout APIProfile," page 19).Payment tokens are unique identifiers that replace sensitive payment information and thatcannot be mathematically reversed. CyberSource securely stores all the card information,replacing it with the payment token. The token is also known as a subscription ID, whichyou store on your server.The payment tokenization solution is compatible with the Visa and Mastercard AccountUpdater service. Card data stored with CyberSource is automatically updated byparticipating banks, thereby reducing payment failures. See the Account Updater UserGuide (PDF HTML).The payment token replaces the card or electronic check bank account number, andoptionally the associated billing, shipping, and card information. No sensitive cardinformation is stored on your servers, thereby reducing your PCI DSS obligations.For more information about tokens, see "Related Documents," page 10.Tokens That Represent a Card or Bank Account OnlyInstrument identifier tokens created using the Token Management Service (TMS) andthird-party tokens represent a payment card number or bank account number. The samecard number or bank account number sent in multiple token creation calls results in thesame payment token being returned. TMS instrument identifier and third-party tokenscannot be updated. If your merchant account is configured for one of these token types,you receive an error if you attempt to update a token.Secure Acceptance Checkout API Integration Guide August 201915
Chapter 1Using Secure Acceptance Checkout APIWhen using Secure Acceptance with tokens that represent only the card number or bankaccount, you must include associated data, such as expiration dates and billing addressdata, in your transaction request.Subscription PaymentsA customer subscription contains information that you store in the CyberSource databaseand use for future billing. At any time, you can send a request to bill the customer for anamount you specify, and CyberSource uses the payment token to retrieve the card, billing,and shipping information to process the transaction. You can also view the customersubscription in the CyberSource Business Center. See "Viewing Transactions in theBusiness Center," page 58.A customer subscription includes: Customer contact information, such as billing and shipping information. Customer payment information, such as card type, masked account number, andexpiration date. Customer order information, such as the transaction reference number and merchantdefined data fields.Table 2Types of SubscriptionsType of SubscriptionDescriptionRecurringA recurring billing service with no specific end date. You must specifythe amount and frequency of each payment and the start date forprocessing the payments. CyberSource creates a schedule based onthis information and automatically bills the customer according to theschedule. For example, you can offer an online service that thecustomer subscribes to and can charge a monthly fee for thisservice. See "Payment Token Transaction," page 43.InstallmentA recurring billing service with a fixed number of scheduledpayments. You must specify the number of payments, the amountand frequency of each payment, and the start date for processing thepayments. CyberSource creates a schedule based on thisinformation and automatically bills the customer according to theschedule. For example, you can offer a product for 75.00 and let thecustomer pay in three installments of 25.00. See "InstallmentPayments," page 49.Secure Acceptance Checkout API Integration Guide August 201916
Chapter 1Using Secure Acceptance Checkout APILevel II and III DataSecure Acceptance supports Level II and III data. Level II cards, also know as Type IIcards, provide customers with additional information on their payment card statements.Business/corporate cards along with purchase/procurement cards are considered Level IIcards.Level III data can be provided for purchase cards, which are payment cards used byemployees to make purchases for their company. You provide additional detailedinformation—the Level III data—about the purchase card order during the settlementprocess. The Level III data is forwarded to the company that made the purchase, and itenables the company to manage its purchasing activities.For detailed descriptions of each Level II and Level III field, see Level II and Level IIIProcessing Using Secure Acceptance (PDF HTML). This guide also describes how torequest sale and capture transactions.BIN LookupThe bank identification number (BIN) lookup service provides information about apayment card account based on first six digits of the account number. The informationprovided can be the country in which the card was issued, the domestic currency, andwhether the card qualifies for the Payouts service. See "Payouts," page 18.RequirementTo enable BIN lookup, contact CyberSource Customer Support to have your accountconfigured for this feature.Requesting BIN LookupYou can request the BIN Lookup service with Secure Acceptance in the General Settingsof your Secure Acceptance profile in the Business Center. You can set the BIN Lookupservice to one of two modes: Free: verifies that the card is eligible for sending funds through the Payouts service. Paid: premium service that returns all data available for the BIN.The BIN Lookup response is sent to the merchant notifications URL and email. See"Receiving Merchant Notifications," page 28. For security reasons it is not sent to thereceipt URL.The BIN Lookup results are detailed in the reply fields with the bin lookup prefix. SeeAppendix A, "Reply Fields," on page 99.Secure Acceptance Checkout API Integration Guide August 201917
Chapter 1Using Secure Acceptance Checkout APIPayoutsUse Secure Acceptance to create a payment token that can be used with the Payouts APIor batch submissions.To create a payment token for Payouts:Step 1Create a Secure Acceptance Profile and define your checkout page. See Chapter 2,"Creating a Checkout API Profile," on page 19.Step 2Enable BIN Lookup to verify that the card used is eligible for sending funds using thePayouts service. See "BIN Lookup," page 17.Step 3For transaction processing, create a payment token. See "Creating a Payment Token,"page 38.Step 4Set the Payouts subscription ID field to the value of the payment token.See Payouts Using the Simple Order API (PDF HTML) or Payouts Using the SCMP API(PDF HTML).Go-Live with Secure AcceptanceImportantCyberSource recommends that you submit all banking information andrequired integration services in advance of going live. Doing so will speed upyour merchant account configuration.When you are ready to implement Secure Acceptance in your live environment, you mustcontact CyberSource Customer Support and request Go-Live. When all the bankinginformation has been received by CyberSource the Go-Live procedure can require threedays to complete. No Go-Live implementations take place on a Friday.Secure Acceptance Checkout API Integration Guide August 201918
ImportantCHAPTERCreating a Checkout APIProfile2Contact CyberSource Customer Support to enable your account for SecureAcceptance. You must activate a profile in order to use it (see "Activating aProfile," page 33).To create a Checkout API profile:Step 1Log in to the Business Center: Live transactions: https://ebc.cybersource.com Test transactions: https://ebctest.cybersource.comStep 2In the left navigation panel, choose Tools & Settings Secure Acceptance Profiles.Step 3Enter or verify the following profile details.Table 3Profile DetailsProfile DetailDescriptionProfile NameThe Secure Acceptance profile name is required and cannot exceed20 alphanumeric characters.DescriptionThe profile description cannot exceed 255 characters.Integration MethodCheck Silent Order POST.Company NameThe company name is required and cannot exceed 40 alphanumericcharacters.Company Contact NameEnter company contact information: name, email, and phonenumber.Company Contact EmailCompany Phone NumberPayment TokenizationCheck Payment Tokenization. For more information, seeChapter 4, "Processing Transactions," on page 37.Decision ManagerCheck Decision Manager. For more information, see Chapter 5,"Using Decision Manager," on page 55.Enable Verbose DataCheck Enable Verbose Data. For more information, see Chapter 5,"Using Decision Manager," on page 55.Generate DeviceFingerprintCheck Generate Device Fingerprint. For more information, seeChapter 5, "Using Decision Manager," on page 55.Secure Acceptance Checkout API Integration Guide August 201919
Chapter 2Step 4Creating a Checkout API ProfileClick Create. The Configuring Payment Settings page appears. See "ConfiguringPayment Methods" for more information.Configuring Payment MethodsYou must configure at least one payment method before you can activate aprofile.ImportantAdding a Card TypeFor each card type you choose, you can also manage currencies and payer authenticationoptions. Choose only the types of payment cards and currencies that your merchantaccount provider authorizes.To add a card type:Step 1Click Payment Settings. The Payment Settings page appears.Step 2Click Add/Edit Card Types. The Add/Edit Card Types page appears.Step 3Check each card type that you want to offer to the customer as a payment method. Yourpayment processor must support the card types.Step 4Click Update.Step 5Click the pencil icon in the column for each card type. The Edit Card Settings pageappears.Step 6Click Update. The card types are added as an accepted payment type.Step 7Click Save.Secure Acceptance Checkout API Integration Guide August 201920
Chapter 2Creating a Checkout API ProfileEnabling Payer AuthenticationImportantBefore you can use CyberSource Payer Authentication, you must contactCyberSource Customer Support to provide information about your companyand your acquiring bank so that CyberSource can configure your account.Your merchant ID must be enabled for payer authentication. For moreinformation about payer authentication, see Payer Authentication Using theSCMP API (PDF HTML) and Payer Authentication Using the Simple Order API (PDF HTML).Payer authentication is the CyberSource implementation of 3D Secure. It detersunauthorized card use and provides added protection from fraudulent chargeback activity.Secure Acceptance supports 3D Secure 1.0 and 2.0.For Secure Acceptance, CyberSource supports the following kinds of payerauthentication: American Express SafeKey Mastercard Identity Check Visa Secure J/Secure by JCBFor each transaction, you receive detailed information in the replies and in the transactiondetails page of the Business Center. You can store this infor
Service Fees Secure Acceptance Checkout API Service Fee Guide (PDF)—describes how to process a transaction with the service fee included. Secure Acceptance The following documents describe how to create a Secure Acceptance profile and render the Secure Acceptance Hosted Checkout, along with processing a transaction with the service fee included:
