1. Introduction

At Worldline, your business continuity and security are our priorities. We take data security and compliance very seriously and conduct regular audits and assessments to ensure that the way we work and exchange data with you is fully compliant.

According to the Payment Card Industry Data Security Standard (PCI DSS), any business that accepts card payments must implement data protection policies and protect cardholder data to be PCI compliant. One key aspect of PCI DSS compliance is that payment requests are sent to a payment platform using the POST method, with the transaction data in the body of the HTTP request. This is the only PCI-compliant method and ensures that you are not exposing your customers' sensitive transaction data over the internet.

2. Understand different HTTP request methods

Every request your system sends to our platform follows the principles of the Hypertext Transfer Protocol (HTTP). HTTP offers different ways to do so:

  • GET (the payment information is part of the URL which receives the data)
  • POST (the payment information is part of the URL which receives the data)
  • POST (the payment information is in the HTTP request body)

However, the only fully PCI-compliant way to send payment information to our platform is POST with the payment information in the HTTP request body.
Have a look at this generic example to understand how this method works:

<form method="post" action="https://ogone.test.v-psp.com/ncol/test/orderdirect_utf8.asp" id=form1 name=form1>
<!-- the HTML form on your checkout page -->

<input type="hidden" name="PSPID" value="">
<input type="hidden" name="ORDERID" value="">
<input type="hidden" name="AMOUNT" value="">
<input type="hidden" name="CURRENCY" value="">

<input type="hidden" name="CARDNO" value="4111111111111111">
<input type="hidden" name="CVC" value="123">
<input type="hidden" name="ED" value="12/36">
<input type="hidden" name="CN" value="John Doe">

<input type="hidden" name="SHASIGN" value="">
<!-- Authentication parameters USERID/PSWD are added to the server code (see below) -->

</form>
<!-- end of the HTML form on your checkout page -->

Your server code (shown here as a cURL command) sends the fields of this HTML form, together with the authentication parameters userid/pswd, as a POST request:
curl -i -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'pspid=<pspid>&orderid=<orderid>&amount=<amount>&currency=<currency>&cardno=<cardno>&cvc=<cvc>&ed=<ed>&cn=<cn>&userid=<userid>&pswd=<pswd>' \
  https://ogone.test.v-psp.com/ncol/test/orderdirect_utf8.asp

Be aware of the following attributes:

  • "method" must be POST
  • "action" must only contain the endpoint URL

If you are working with our DirectLink solution, contact your integrator to ensure that your sales application uses the POST method.
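
The two attribute rules above can be checked automatically before a checkout page goes live. The following Python check is an added example, not code from Worldline; the names check_forms, FormCollector and SENSITIVE are hypothetical, and the sample forms are constructed from the field names and test endpoint shown on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Sensitive field names as used in the form on this page.
SENSITIVE = {"CARDNO", "CVC", "ED", "CN", "PSWD"}
ENDPOINT = "https://ogone.test.v-psp.com/ncol/test/orderdirect_utf8.asp"

class FormCollector(HTMLParser):
    """Record (method, action) for every <form> start tag."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            # HTML submits with GET when no method attribute is given.
            self.forms.append((a.get("method") or "get", a.get("action") or ""))

def check_forms(html):
    """Return findings for each form; an empty list means both rules hold."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for method, action in collector.forms:
        if method.strip().lower() != "post":
            findings.append(f"method is {method!r}, must be POST")
        query = urlsplit(action).query
        if query:
            names = {k.upper() for k, _ in parse_qsl(query, keep_blank_values=True)}
            leaked = sorted(names & SENSITIVE)
            detail = f" (sensitive: {', '.join(leaked)})" if leaked else ""
            findings.append("action carries parameters in the URL" + detail)
    return findings

# Constructed sample forms (not taken from a real checkout page).
GOOD = f'<form method="post" action="{ENDPOINT}"><input type="hidden" name="CARDNO"></form>'
NO_METHOD = f'<form action="{ENDPOINT}"></form>'
POST_URL = f'<form method="POST" action="{ENDPOINT}?CARDNO=4111111111111111&amp;CVC=123"></form>'

if __name__ == "__main__":
    for name, html in (("GOOD", GOOD), ("NO_METHOD", NO_METHOD), ("POST_URL", POST_URL)):
        print(name, check_forms(html) or "ok")
```

A form without a method attribute is flagged because browsers then submit it with GET, which places every field in the URL.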