Chapter 5. Website Payments Pro (Direct Payment)

PayPal’s Website Payments Pro product combines the convenience of Express Checkout, an overtly PayPal-oriented checkout, with an additional option called Direct Payment, which allows you to embed the user experience for the entire payment process into your site with no mention of PayPal required. Even on your customer’s credit and debit card statements, there is no mention of PayPal; your company name appears instead. If for whatever reason you’d like to control the entire checkout and provide the most seamless experience possible without any mention of a third party, the Direct Payment portion of Website Payments Pro may be exactly what you’ve been looking for. Since Express Checkout, the other component of Website Payments Pro, has been covered earlier in the book, getting you up and running with Direct Payment is the primary subject of this chapter.

Note

PayPal’s official documentation on Website Payments Pro is available online in the Website Payments Pro Developer Guide.

In exchange for a nominal monthly fee, the Direct Payment portion of Website Payments Pro allows your customers to pay via credit or debit cards directly on your site. As the seller, this gives you complete control over the buyer’s transaction experience without the need for any redirect popup windows, light boxes, or any other friction. Such an arrangement may be appealing in that it provides you with complete control and removes an additional party (PayPal) from the checkout. Do not take lightly, however, the fact that it makes you, the seller/merchant, responsible for maintaining the security of the transaction, and that some customers may actually prefer a checkout experience in which PayPal acts as a trusted intermediary instead of providing you with direct access to sensitive account information. Besides, you are actually required by the Website Payments Pro terms of service to use Direct Payment in conjunction with Express Checkout; Direct Payment may not be used as a standalone product.

Warning

It is absolutely critical that you provide the Direct Payment checkout experience under an SSL connection, and that you avoid logging or inadvertently storing any sensitive account information associated with a Direct Payment unless it is your explicit intention to do so, implying that you are prepared to safeguard it in accordance with PCI compliance, security best practices, and any applicable laws.

Figure 5-1 shows a typical checkout workflow a user experiences with Direct Payment:

  1. The buyer clicks the Checkout button on your website, provides shipping and billing information, and clicks Continue.

  2. The buyer reviews the order for accuracy and clicks Pay.

  3. Information is handed off to PayPal via the DoDirectPayment API operation, the buyer’s card is charged, and you are provided with an appropriate response by PayPal.

  4. The customer receives an acknowledgment that the order was successfully processed.
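The warning above about inadvertently logging account information applies most directly to step 3, where the card data is assembled into the DoDirectPayment request. The following is an added example, not code from the book or from PayPal: a logging filter that scrubs a request body before any handler writes it out. It assumes the request is a URL-encoded name-value string using the classic NVP field names ACCT, CVV2, EXPDATE, PWD and SIGNATURE, which do not appear on this page; `redact_nvp`, `NvpRedactingFilter` and the sample request are hypothetical and constructed for illustration.

```python
import logging
from urllib.parse import parse_qsl, urlencode

# Assumed field names from PayPal's classic NVP API (not listed on this page).
SENSITIVE_FIELDS = {"ACCT", "CVV2", "EXPDATE", "PWD", "SIGNATURE"}

# Constructed sample request body; every value is made up for illustration.
SAMPLE_REQUEST = (
    "METHOD=DoDirectPayment&USER=api_user&PWD=example-pwd"
    "&SIGNATURE=example-sig&PAYMENTACTION=Sale&AMT=19.99"
    "&ACCT=4111111111111111&EXPDATE=122030&CVV2=123"
)


def redact_nvp(body):
    """Return a copy of an NVP request body that is safe to write to a log."""
    safe_pairs = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        key = name.upper()
        if key == "ACCT" and len(value) > 4:
            # Keep only the last four digits for support lookups.
            value = "*" * (len(value) - 4) + value[-4:]
        elif key in SENSITIVE_FIELDS:
            value = "[REDACTED]"
        safe_pairs.append((name, value))
    return urlencode(safe_pairs, safe="*[]")


class NvpRedactingFilter(logging.Filter):
    """Scrub NVP bodies passed as log arguments before any handler emits them."""

    def filter(self, record):
        if isinstance(record.args, tuple):
            record.args = tuple(
                redact_nvp(a) if isinstance(a, str) and "METHOD=" in a else a
                for a in record.args
            )
        return True


if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(NvpRedactingFilter())
    log = logging.getLogger("checkout")
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    log.info("DoDirectPayment request: %s", SAMPLE_REQUEST)
```

The filter only sees bodies passed as logging arguments; a request that has already been interpolated into the message string must go through `redact_nvp` before the logging call.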