Please read the instructions carefully before proceeding with online payment.
1. Introduction
Moneris Hosted Tokenization (HT) was designed as a solution for online e-commerce merchants that do not wish to handle credit card numbers directly on their websites but still want the ability to fully customize their checkout webpage’s appearance. When an HT transaction is initiated, the Moneris eSELECTplus payment gateway will present and display, on the merchant’s behalf, a single text-box on the check-out page. The cardholder can then securely enter their credit card information into the text-box. Upon submission of the payment information on the check-out page, the eSELECTplus gateway will return to the merchant a temporary token representing the credit card number. The merchant then uses this token to process a financial transaction directly with Moneris to charge the card. Upon receiving a response to the financial transaction, the merchant generates a receipt and allows the cardholder to continue with the online shopping experience.
A benefit of integrating with Moneris’ Hosted Tokenization is that the solution will reduce a merchant’s PCI-compliance assessment scope, because credit card numbers are neither captured nor stored by the merchant’s site.
2. System and Skill Requirements
As well, you will need to have the following knowledge and/or skill set:
1. Knowledge of HTML and iFrames
2. Knowledge of JavaScript
3. Knowledge of a programming language such as PHP, Java, .NET, PERL etc.
Note:
It is important to note that all Merchants and Service Providers that store, process, or transmit cardholder data must comply with PCI DSS and the Card Association Compliance Programs. However, certification requirements vary by business and are contingent upon your "Merchant Level" or "Service Provider Level". Failure to comply with PCI DSS and the Card Association Compliance Programs may result in a Merchant being subject to fines, consular fees or assessments and/or termination of processing services. Non-compliant solutions may prevent merchants from boarding with Moneris Solutions.
As a Moneris Solutions client or partner using this method of integration, your solution must demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS) and/or the Payment Application Data Security Standard (PA DSS). These standards are designed to help cardholders and merchants by ensuring that credit card numbers are encrypted when transmitted or stored in a database and that merchants have strong access control measures.
3. What is the Process I will need to follow?
You will need to follow these steps:
1. Do the required development and testing as outlined in this document and the Vault API document and package.
2. Test your solution in the test environment.
3. Activate your store.
4. Make the necessary changes to move your solution from the test environment into production as outlined in this document.
4. Process Flow for Hosted Tokenization
1. The cardholder shops at a merchant site with their web browser and is ready to check out.
2. The check-out page is presented by the merchant’s server with Hosted Tokenization integration.
3. A small portion of the merchant’s check-out page has an iFrame that links to Moneris’ Hosted Tokenization configuration. The text-box to collect the credit card number (PAN) is presented by Moneris.
4. The cardholder enters the credit card number and other payment-related information that the merchant may need in order to process a financial transaction to charge the card. Once the cardholder presses the Submit button, the initial code behind the check-out page submits a request to the Moneris eSELECTplus gateway to obtain the temporary token that represents the credit card number. Subsequent code behind the check-out page then takes the token and other payment-related information from the check-out page and submits them to the merchant’s choice of URL that collects the submitted information.
5. The merchant’s server sends a Vault transaction to Moneris using the payment information collected by the URL in step 4. Information in the response to the Vault transaction is saved for reference. For more information on Vault, please refer to our Developer Portal at https://developer.moneris.com/
6. The result of the financial transaction is displayed to the cardholder.
5. Create a Hosted Tokenization Profile
1. Login to your eSELECTplus Merchant Resource Centre:
QA - https://esqa.moneris.com/mpg/
Production - https://www3.moneris.com/mpg/
2. Click on ‘ADMIN’ on the menu.
3. Click on ‘hosted tokenization’ on the sub-menu.
4. Enter the source domain page. This is the address of the main outer page that sends the transaction to Moneris. Example from the process flow diagram above would be “https://www.xyz.com”.
5. Click the button “Create Profile”
6. Make a note of the Profile ID that gets generated since this will need to be included in your HTML iFrame code.
6. Getting a Temporary Token
To get a temporary token you will need to send a request to Moneris from within an iFrame. Sample code is illustrated below. Note that the Profile ID in the HTML link below will need to be replaced with your own Profile ID from Section 5 “Create a Hosted Card Tokenization Profile”.
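The parent-page side of this step, as an added example that is not Moneris' sample code and not part of the original page: it accepts the token message only from the gateway origin and parses it as data before the token is forwarded to the merchant's server. The message fields `responseCode` and `dataKey`, the success value "001", and the hidden field id `payment-token` are assumptions; the two origins come from the URLs in Section 5.

```javascript
// Gateway origins, taken from the QA and Production URLs on this page.
const GATEWAY_ORIGINS = {
  qa: "https://esqa.moneris.com",
  production: "https://www3.moneris.com",
};

// ASSUMPTION (not from this page): the iframe posts back a JSON string with
// `responseCode` (success = "001") and the temporary token in `dataKey`.
const SUCCESS_CODE = "001";

function parseTokenMessage(event, environment) {
  const expected = GATEWAY_ORIGINS[environment];
  if (!expected) return { ok: false, reason: "unknown-environment" };
  // Exact match only: prefix or substring checks would accept look-alike
  // origins such as https://esqa.moneris.com.example.net.
  if (event.origin !== expected) return { ok: false, reason: "untrusted-origin" };
  if (typeof event.data !== "string" || event.data.length > 4096) {
    return { ok: false, reason: "malformed" };
  }
  let body;
  try {
    body = JSON.parse(event.data); // parse as data; never eval() frame input
  } catch (err) {
    return { ok: false, reason: "malformed" };
  }
  if (body === null || typeof body !== "object") {
    return { ok: false, reason: "malformed" };
  }
  // Accept the code as a plain string or wrapped in a one-element array.
  const code = [].concat(body.responseCode)[0];
  if (code !== SUCCESS_CODE) return { ok: false, reason: "gateway-error" };
  const token = body.dataKey;
  if (typeof token !== "string" || token.length < 1 || token.length > 128) {
    return { ok: false, reason: "malformed" };
  }
  return { ok: true, token }; // only the token, never a card number, goes to the server
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    const result = parseTokenMessage(event, "qa");
    const field = document.getElementById("payment-token"); // hypothetical hidden field
    if (result.ok && field) field.value = result.token;
  });
}
```

The merchant's server should still treat the submitted token as untrusted input and rely on the Vault transaction response from step 5 of the process flow for the payment result.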
7. Getting consular fee information.