Quantum Gateway

From WHMCS Documentation

Revision as of 16:32, 13 February 2011 by Matt (talk | contribs)

Quantum Gateway is a merchant gateway solution that supports 3D Secure for Visa & MasterCard Transactions in WHMCS.

If you don't yet have an account, visit www.whmcs.com/quantumgateway.php for more information.

Setup

  • You must use your Quantum gateway login id as your username
  • For the Transaction Key, you must use your Restriction Key.
  • If you don't have it, you can easily generate it by login into your Quantum Gateway merchant center and going to the Processing settings area. Scroll down until you see the "Restriction Key" area. Click the generate button, check the "Use restriction key" box, and finally click the UPDATE button. That is your new restriction key (Transaction Key).

MD5 Hash Verification

The MD5 Hash in the Quantum Gateway module is used to prevent forged callback requests. To set this up, you simply need to define a secret key value inside your Quantum Gateway account and then enter the same value into your WHMCS installation Quantum Gateway config in Setup > Payment Gateways.

Quantum also now have an "Include Response In Hash" setting which you should set to "No" within the account settings area.

Quantum Vault Service

The Vault Solution from Quantum Gateway enables you to accept credit cards through your site while completely avoiding the hassles of PCI compliance and here at WHMCS we were one of the first to offer this new service to Quantum users.

For more information visit the Quantum Vault page

How does it work?

  1. The customer leaves your site to perform 3D Secure authentication (exactly the same as they already do now) but the difference is they enter their card details once they've left your site aswell so that the card details never pass through your site
  2. The customer can still edit their card held on file at any time from the client area
  3. WHMCS can still request the card is rebilled whenever needed meaning fully automated recurring billing can continue as before and manual captures at any time are also still possible - it's just like you have the card details stored locally

Why does it avoid PCI compliance?

  1. No cardholder data ever touches or passes through your Network, Server or WHMCS System
  2. No cardholder data is ever retained or stored on your Network, Server or WHMCS system

Configuration/Setup

You will find the module in the Setup > Payment Gateways area listed as Quantum Vault which you can activate and configure in the same way as the regular module.

For existing Quantum Gateway users, there is also a vault migration script available on request to transfer all your existing clients card details over to the vault automatically and remove them from your local database.

Inside your Quantum Gateway account, you will need to configure and API Username, Key and Vault Key to use the Vault API, and in the Inline Frame API settings where it asks for various urls, you should leave all of those fields blank.