Configuring the Payment Gateway Integration

Laserfiche Forms features integrations with Braintree and Authorize.Net so you can accept payments in form submissions. After you save your merchant account information, you can enable Collect payment in a message start event or user task to insert a payment gateway interface into a form.

You can:

• Set up multiple Braintree and Authorize.Net accounts.
• Set up one gateway for sandbox mode before switching to a second gateway for production mode.
• Use different gateways for different types of transactions or currencies.

To configure your Braintree merchant account information

1. Open the Laserfiche Forms Configuration page to the Payment Gateway tab.
2. Select Add Account and then Add Braintree Account in the top right.
3. Optional: Select Sandbox Mode when testing your processes, so that you do not transfer real funds.

Note: A linked PayPal Sandbox account is required to use PayPal Checkout in Sandbox mode when using this payment gateway with a new form. Please see https://developer.paypal.com/braintree/docs/guides/paypal/testing-go-live#linked-paypal-testing.

4. Under Name, specify a name that is unique to all of your payment gateway integrations.
5. Under Merchant ID, specify the unique identifier for your gateway account. Learn more about merchant IDs.
6. Under Currency, specify the currency type you want to display.

   Example: When you select “USD - US Dollar($)”, a User Task displays the following next to the total amount.

7. Under Public Key, specify your user-specific public identifier provided by Braintree. Learn more about public keys.
8. Under Private Key, specify your user-specific private identifier provided by Braintree. Learn more about private keys.
9. When you are done, click Save.

Note that all payment processing is handled by Braintree through the Braintree Drop-in UI. Laserfiche Forms does not store or have access to submitted payment information. For example, when saving a draft, no payment information can be saved.

To configure your Authorize.Net merchant account information

Note: Before using an Authorize.Net payment gateway, enable the Transaction Details API. You can do this by signing in to your Authorize.Net account and enabling the API in Account > Settings > Transaction Details API.

1. Open the Laserfiche Forms Configuration page to the Payment Gateway tab.
2. Select Add Account and then Add Authorize.Net Account in the top right.
3. Optional: Select Sandbox Mode when testing your processes, so that you do not transfer real funds.
4. Under Name, specify a name that is unique to all of your payment gateway integrations.
5. Under Payment Gateway ID, enter the unique identification number provided by Authorize.net.
6. Under Currency, specify the currency type you want to display.

Example: When you select “USD - US Dollar($)”, a User Task displays the following next to the total amount.

7. Under API Login ID, enter your 8+ character API login ID, which is used to connect your form to Authorize.Net.
8. Under Public Client Key, enter your public client key provided by Authorize.Net.
9. Under Transaction Key, enter your 16+ character transaction key, which is also used to connect your form to Authorize.Net.
10. Under Optional Configuration, match the options you selected in Authorize.Net. If you do not match your filter settings with those on Authorize.Net, payment transactions will fail.

    Note: Forms 10.4.2 now supports all billing fields in the authorize.net payment gateway including Company, Address, City, State, Country, Phone, Fax, Email, and Customer ID fields.

11. When you are done, click Save.

PCI Compliance Information

The Payment Card Industry Data Security Standard (PCI DSS) provides a data security framework of industry-recognized controls for handling credit card information.

The Forms Braintree and Authorize.net integrations collect all cardholder data within an Iframe and send it to a third party, so that the Laserfiche Forms Server does not store any cardholder data. This simplifies PCI compliance, as both Braintree and Authorize.net are PCI-compliant frameworks. You should still complete a Self-Assessment Questionnaire (SAQ) for PCI compliance validation. The PCI DSS SAQs provide a framework for evaluating compliance for merchants not required to submit an official PCI DSS Report on Compliance. For more information on completing a self-assessment, please see the PCI Security Standards Council website at: https://www.pcisecuritystandards.org/pci_security/completing_self_assessment.