Secure transaction processing system and method

摘要

A secure transaction processing system/method allowing injection and execution of credit card and ACH payment forms in a third party web page via cross domain requests is disclosed. The system/method provides a mechanism to inject and execute payment forms into a third (customer) party's website via Cross Domain Requests by providing a set of client application instructions that retrieves presentation and behavior logic and delivers it in a third party application. A browser based client application detects and manages style and behavior conflicts to render forms within in an existing third party web page. The client application then submits the forms via Cross Domain Requests to the transaction processing web server and directs the client application to a new navigation target within the third party website.

主权项

1. A computer-implemented secure transaction processing system comprising networked computing devices executing software, and further comprising:
(a) an origin domain server hosting a web browser based client application (WBA) accessible by a user using a network-connected remote device via a graphical user interface (GUI); (b) a transaction processing server, having a domain distinct from a domain of said origin domain server, hosting a web server application (WSA) configured for use in processing payment transactions; and (c) third party website navigation instructions (WNI);whereinsaid WBA is configured to request transaction processing forms (TPF) from said WSA via cross domain requests in response to accessing said WBA by the user;said WBA is operable on said origin domain server via use of a web browser and without the use of third-party software;said WSA is configured to provide said TPF to said WBA via cross domain requests in response to said request;said WSA is configured to utilize CORS for communication of said cross domain requests if CORS is available;said WSA is configured to utilize WebSockets for communication of said cross domain requests if CORS is not available and WebSockets is available;said WSA is configured to utilize JSONP for communication of said cross domain requests if CORS is not available and WebSockets is not available;said WBA is configured to detect and manage conflicts of style and existing client side behavior;said WBA is configured to render via cross domain requests a third party web page including said TPF in a web browser using third party provided styles within said third party web page;said WBA is configured to submit said TPF to said WSA via cross domain request in response to filling of said TPF by said user;said WBA is configured to accept and processes said filled TPF to provide validation results and transaction results; andsaid WBA is configured to execute said WNI to define user navigation within said WBA based on whether or not said transaction results were successful.