Integrating Online Banking and Top-up Card into Payment Gateway




Internship Report
Master of Software Engineering (2012-2014)

Integrating Online Banking and Top-up Card into Payment Gateway

Author: DAO Nguyen Vu
Supervisor: HO Hoang Thuong
January 11, 2015

Acknowledgment

Over four months working at ME Corp, I had the opportunity to work in a professional environment. First of all, I am grateful to my supervisor, Mr. Ho Hoang Thuong, who gave me a lot of help during my working period. I would also like to thank my colleagues for their availability in discussing, collaborating and sharing at work. Finally, I'd like to send my thanks to all the professors at PUF and Bordeaux, my classmates and my family, who gave me a lot of knowledge and support.

Abstract

Nowadays, online payment has become very popular around the world. In Vietnam, customers still use cash for most transactions, and I hope this traditional payment will be replaced by online payment in the future. As we know, online payment is more cost-saving, time-saving, secure and convenient than cash.

During my internship period, my team and I developed our company's payment gateway to support users in online payment. I had the opportunity to research and work with various online payment methods such as ATM cards, top-up cards, SMS and in-app purchases.

In this report, I'd like to explain my job in developing the payment gateway. My team and I were responsible for building, maintaining and monitoring our company's payment gateway. I joined this team as a developer in two projects: Online Banking and Top-up Card.

Contents

1 Introduction
  1.1 Internship environment
  1.2 Definition
  1.3 Contents
2 The work I was asked to do
  2.1 Online Banking project
  2.2 Top-up Card project
3 The work I performed
  3.1 Online Banking project
    3.1.1 Backend
    3.1.2 Frontend
  3.2 Top-up Card project
  3.3 Monitor and Report
  3.4 Method and used tools
4 Conclusion

Chapter 1 Introduction

1.1 Internship environment

Figure 1.1: Company Organizational Chart

Mobile Entertainment Corporation (ME Corp): founded in 2010, the main activity of ME Corp is developing and publishing games. At startup, the company had only two members, but at present it has more than 300 employees across many departments and centers: game studio, game development, technical, network operations center (NOC), sales, customer service, ...

Technical Center: one of ME Corp's departments. It is responsible for developing things (not including game development) that support business activities, such as online payment, game events (lottery tickets, online promotion activities, ...), forums, the website, and reports for other departments such as the game and sales departments. The Technical Center includes many teams: payment gateway, API, support, design, ... Members: 19.

Payment gateway: This is my team. We support various online payment methods such as in-app purchase, banking, top-up card and top-up SMS. My supervisor (also director of the Technical Center, Mr. Ho Hoang Thuong) is the leader of this team. Team size: 5.

Projects that I joined:

- Online Banking: building the backend and the frontend page, providing users with an online payment method through ATM cards. Team size: 5 (3 developers, 1 designer and 1 team leader). Duration: 2 months. My role: developer. Status: finished.
- Top-up Card: implementing a new package and integrating it into the current system, providing users with a payment method through the top-up card service of the Vinaphone telco. Team size: 3 (1 developer, 1 designer and team leader). Duration: 3 weeks. My role: developer. Status: finished.

1.2 Definition

Figure 1.2: Workflow of ME Corp's payment gateway

Telcos: Companies that provide and manage the online payment accounts of end-users. They provide services for merchants building online payment systems. Telcos are responsible for validating, verifying, withdrawing from and refunding the end-user's account and depositing to the merchant's account. In my project's scope, telcos are Smartlink, Banknetvn and telecommunication companies: Viettel (http://www.vietteltelecom.vn), Mobifone (https://www.mobifone.com.vn) and Vinaphone (http://www.vinaphone.com.vn).

Merchant: This is really my team's role in Figure 1.2. We use the telcos' services to build the online payment system and publish our services for partners.

Partner: In my company, partners are the game departments. They provide their products to users and use the Merchant's service for online payment.

End-user: In this project's scope, end-users are gamers. They can use any online payment method to deposit to their account for buying items or weapons, or to convert to virtual money (we call it mcoin) in the game.

Smartlink (Smartlink Ecom, http://smartlink.com.vn) and Banknetvn (http://www.banknetvn.com.vn/): payment gateways that allow merchants to make online payments using the international and local cards of the banks that they support. In this project's scope, we consider Smartlink and Banknetvn as telcos.

Sandbox environment: a testing environment that isolates untested code changes and outright experimentation from the production environment. The sandbox protects live servers and their data/content from changes that could be damaging.

Production environment: the live environment where the product is actually public.

List of Abbreviations

J2EE: Java 2 Platform, Enterprise Edition.
JDBC: Java Database Connectivity.
API: Application Programming Interface.
ATM: Automated Teller Machine.
OTP: One-Time Password. The bank sends a message including the OTP to the user's phone, and the user inputs this code to verify again during payment.
PIN: Personal Identification Number.
MVC: Model-View-Controller, a software architectural pattern. It divides a software application into three interconnected parts: presentation (view), business logic (model) and controller (handles request/response).
WSDL: Web Services Description Language.
FTP: File Transfer Protocol.
HTTP: Hypertext Transfer Protocol.
HTML: HyperText Markup Language, the standard markup language used to create Web pages.

1.3 Contents

The report includes four chapters as below:

Chapter 1: Introduction
Chapter 2: The work I was asked to do
Chapter 3: The work I performed
Chapter 4: Conclusion

Chapter 2 The work I was asked to do

2.1 Online Banking project

Back-end: My team was responsible for implementing the services that Smartlink and Banknetvn provided. My task was implementing the Smartlink package. The tasks that I was asked to do:

- Getting requirements, analyzing business and designing the system.
- Implementing.
- Testing and deployment.
- Publishing the API to partners.

Front-end: After we built the back-end and published the API, our partners could build their own GUI and use our API for making online payments through ATM cards. A lot of partners only focus on developing the game business, so they didn't have enough resources for building their own GUI. For this reason, we built a front-end page (GUI) for partners that couldn't build their own GUI. My task was building a website that lets users select the bank and the amount for payment.

2.2 Top-up Card project

Context: Besides providing users with online payment methods such as SMS, ATM cards and in-app purchases, we also supported users making online transactions by the top-up (mobile) card method. Users could buy top-up cards from telcos to order at the partner's site. Then, partners would send the user's order (including the serial and PIN of the top-up card) to our payment gateway. At the end, we would use this information to confirm with the telco and return the result (success/fail) back to partners. At that time, we supported two telcos: Viettel and Mobifone. My task was to implement a new package to support one more telco, Vinaphone.

My tasks in this project were:

- Getting requirements and researching the current system.
- Implementing/extending a new package for the new telco based on the current system.
- Testing and deployment.
- Publishing the API to partners.

Chapter 3 The work I performed

3.1 Online Banking project

3.1.1 Backend

Getting requirements, analyzing business and designing system

I was responsible for implementing the Smartlink package, so I contacted Smartlink to get the documents. After reading the documents carefully, my team discussed together to analyze the business. Sometimes I encountered a few issues; I often discussed with Smartlink by phone, Skype or email to figure out the problems. It's an iterative process (read documents, ask for support from Smartlink, discuss together with the team) that helped us understand and define what we had to do.

After analyzing the business, my team had discussions to design the system. We defined the common parts such as software interfaces, common library, database, ... Then, everyone would implement their own task based on the common parts defined before. I was responsible for the database related to the Smartlink module and for implementing the Smartlink package based on the software interfaces and Smartlink's document.

Regarding progress, I sent a report to our supervisor weekly and my team held a meeting once a week. Sometimes, my team had a short meeting (15-20 minutes) for discussing issues.

Implement

We chose Java, MySQL and Weblogic server to implement the backend. Besides the Java platform, .NET is another good choice for building a backend system. In my opinion, .NET is more flexible. But in this case, my team members had no experience in .NET, so Java was reasonable.

We decided to choose Weblogic server instead of Tomcat as the web server. Before, I used to work with Tomcat. Tomcat is an open source project of Apache, and it's very popular with Java developers. But in my opinion, Weblogic server is better than Tomcat in an enterprise environment. It supports both FTP and HTTP (Tomcat is only an HTTP server). Weblogic also supports transaction management. Besides, Weblogic supports clustering powerfully, which is convenient for extending the system in the future, such as publishing services on cloud servers.

Interacting between merchant and Smartlink: Following Smartlink's documents, I created a client web service to initialize a handshake between our payment gateway and Smartlink. Then I created a servlet to redirect to Smartlink's page with the required data attached. Finally, I implemented a gateway to get the result returned from Smartlink.

Interacting between partner and merchant:

- Creating a servlet to receive encrypted data from partners.
- Decrypting and validating the data. Every partner is provided with a private key to encrypt, decrypt and create a signature for verifying that the data is valid.
- Using the above steps (interacting between merchant and Smartlink) to get the result and return the transaction's status back to partners.

For business logic, I created stored procedures in MySQL. I applied the knowledge I learnt in the Advanced Database Practice subject. Some of the business logic that I wrote in MySQL: insert a new transaction into the database, update a transaction's status (success/fail), check a transaction's validity. I used JDBC to connect to MySQL.

Testing and deployment

Firstly, we deployed on our sandbox environment and made a connection with Smartlink's sandbox environment. Then, we deployed to the production environment and tested again. At this step, Smartlink would provide us with an ATM card for testing.

Secondly, we carried out testing between both production environments. At this step, Smartlink would provide us with a new merchant ID and merchant key to integrate on the production environment. If the test result was successful, both sides would arrange an appointment for acceptance.

Finally, we would publish the API and documents for partners. The partners would also follow the same steps as above (deploy and test on our sandbox and production environments). In this case, the partners' role is like the merchant's role and my team's role is the same as Smartlink's.

Problem

Because we used HTTP redirects from site to site, if the connection is interrupted at one of the sites, the result would be very bad. For example, if the connection is interrupted right after the user has successfully verified the payment with the bank, Smartlink couldn't redirect to our payment gateway. Most of the games that my company publishes are mobile games, and gamers could encounter this problem when they played games via the unstable 3G mobile network in Vietnam. In this case, money would be withdrawn from the user's bank account but his game account would not receive the deposit. I implemented two ways to fix this problem:

- Temporary solution: running a scheduled task every hour (I am using a cron job) to scan all transactions whose status has not yet been updated. Then I would verify these transactions with Smartlink again. If the result was successful, I would update the transaction's status and return the result to partners to deposit to the user's game account.
- Besides, we would request Smartlink to implement another way without using HTTP redirects. Everything will be processed through web services between our payment gateway and Smartlink, and users will verify and input the OTP code at our payment gateway (not Smartlink's site).
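The hourly re-check described above, sketched as an added example (not code from the report or from ME Corp's system): the redirect handler and the scheduled job both finalize a transaction through one guarded transition, so a redirect that arrives late cannot cause the game account to be credited twice. GatewayClient, PartnerNotifier and the in-memory store are hypothetical stand-ins for Smartlink's status query, the partner callback and the MySQL transaction table.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class PendingReconciler {
    enum Status { PENDING, SUCCESS, FAILED }

    /** Hypothetical stand-in for a server-to-server status query to the gateway. */
    interface GatewayClient { Status queryStatus(String txnId); }

    /** Hypothetical stand-in for the call that returns the result to the partner. */
    interface PartnerNotifier { void notifyResult(String txnId, Status result); }

    // In-memory stand-in for the transaction table: id -> current status.
    private final Map<String, Status> store = new LinkedHashMap<>();
    private final GatewayClient gateway;
    private final PartnerNotifier notifier;

    PendingReconciler(GatewayClient gateway, PartnerNotifier notifier) {
        this.gateway = gateway;
        this.notifier = notifier;
    }

    void open(String txnId) { store.put(txnId, Status.PENDING); }

    /**
     * The only place where a transaction leaves PENDING. In SQL this corresponds to
     * UPDATE ... SET status = ? WHERE id = ? AND status = 'PENDING' and checking that
     * exactly one row changed. Both the redirect handler and the scheduled job call it,
     * so whichever arrives second is a no-op and the partner is notified only once.
     */
    synchronized boolean finalizeOnce(String txnId, Status result) {
        if (result == Status.PENDING || store.get(txnId) != Status.PENDING) return false;
        store.put(txnId, result);
        notifier.notifyResult(txnId, result);
        return true;
    }

    /** One scheduled pass over the not-yet-updated transactions; returns how many were finalized. */
    int runOnce() {
        int finalized = 0;
        for (String txnId : new ArrayList<>(store.keySet())) {
            if (store.get(txnId) != Status.PENDING) continue;
            Status remote;
            try {
                remote = gateway.queryStatus(txnId);
            } catch (RuntimeException e) {
                continue; // query failed: leave PENDING and retry on the next pass, never guess
            }
            if (finalizeOnce(txnId, remote)) finalized++;
        }
        return finalized;
    }

    public static void main(String[] args) {
        // Constructed sample data: what the gateway would answer for each transaction.
        Map<String, Status> remote = new LinkedHashMap<>();
        remote.put("T1", Status.SUCCESS); // paid, but the redirect back was lost
        remote.put("T2", Status.FAILED);  // payment was rejected
        remote.put("T3", Status.PENDING); // user is still entering the OTP
        // "T4" has no entry: simulates a status query that fails

        List<String> sent = new ArrayList<>();
        PendingReconciler job = new PendingReconciler(
            id -> {
                Status s = remote.get(id);
                if (s == null) throw new IllegalStateException("gateway unreachable");
                return s;
            },
            (id, result) -> sent.add(id + "=" + result));
        for (String id : new String[] {"T1", "T2", "T3", "T4"}) job.open(id);

        System.out.println("finalized in this pass: " + job.runOnce());
        System.out.println("partner notifications:  " + sent);
        // The delayed redirect for T1 finally arrives; it must not notify the partner again.
        System.out.println("late redirect applied:  " + job.finalizeOnce("T1", Status.SUCCESS));
        System.out.println("partner notifications:  " + sent);
    }
}
```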

3.1.2 Frontend

Implement

Figure 3.1: GUI - Select bank and amount

I built the frontend page together with my colleague, a web designer. While my co-worker designed static web pages (HTML), I focused on building the business logic and processing input data. The work that I did:

- Design database: I designed the database for storing transactions and data from partners.
- Implement business logic: check input data, get the bank list.
- Create test cases for unit tests: I used phpunit to implement the test cases.
- Use the API that the backend published and return the transaction's status to partners.
- Receive the HTML pages and convert them to web pages.

My company uses the CodeIgniter (CI) framework for most PHP projects. CI is a PHP MVC framework. There are many PHP frameworks such as Zend, Symfony, ... In my opinion, CI is easy to learn, fast and simple, and in this project's scope CI is a reasonable choice. Besides, we chose nginx instead of Apache as the web server. In general, nginx is faster and uses less memory than Apache.

Testing and Deployment

First of all, I deployed on the sandbox environment and tested with both the sandbox and production environments of the backend. Then, I deployed on the production environment and sent the document to partners for integrating into their products.

3.2 Top-up Card project

Getting requirements and researching current system

As in the Online Banking project, I also read the documents Vinaphone provided and discussed with Vinaphone's staff to understand the requirements clearly. Then, I researched the current system. Our current system applied some design patterns (e.g. singleton, factory, ...) that I learnt in the Software Architecture subject, so I didn't spend much time on researching. As for the database, my co-worker designed it very well and it's easy to extend with a new card provider. So, I only added a new record to the table that stores the telcos' information, and I only focused on creating stored procedures for the business logic.

Implement/extend package for new telco based on current system

The current system is built on Java, MySQL and Weblogic server, so I only implemented the new package without caring about choosing a platform or framework. I was responsible for two main tasks:

- Create a client web service to consume the web service from Vinaphone: from the WSDL Vinaphone provided, I used the Netbeans IDE to generate the client web service. Then, I implemented the business rules that are described in the telco's documents. For example, one of the business rules is to prevent spam and attempts to detect the serial and PIN of a top-up card: if a user makes a failed transaction, he can only make another transaction two minutes later.
- Modify the existing API: because the current API supported two telcos, I modified it by adding one more type of telco.

I would like to give many thanks to the Distributed Software Architecture and Adaptation subject. I applied most of the knowledge from this subject to the two projects above, such as creating and publishing a web service, servlet and client web service.
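The two-minute rule after a failed top-up transaction, sketched as an added example (not code from the report or from Vinaphone's specification): a per-user cooldown that rejects a retry before the telco is contacted, which is what slows down guessing of card serials and PINs. The class name, the Telco interface, the user ID and the card values are hypothetical and constructed for the demonstration; the clock is injected so the rule can be exercised without waiting.

```java
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.LongSupplier;

public class FailedChargeThrottle {
    /** Hypothetical stand-in for the generated client web service of the telco. */
    interface Telco { boolean charge(String serial, String pin); }

    private final Map<String, Long> blockedUntilMs = new ConcurrentHashMap<>();
    private final long cooldownMs;
    private final LongSupplier clock; // injected time source, in milliseconds

    FailedChargeThrottle(Duration cooldown, LongSupplier clock) {
        this.cooldownMs = cooldown.toMillis();
        this.clock = clock;
    }

    /** Milliseconds the user still has to wait; 0 means a new attempt is allowed. */
    long remainingMs(String userId) {
        Long until = blockedUntilMs.get(userId);
        if (until == null) return 0;
        long left = until - clock.getAsLong();
        if (left <= 0) {
            blockedUntilMs.remove(userId, until); // expired: drop the entry so the map stays small
            return 0;
        }
        return left;
    }

    /** Called with the telco's answer. Only a failure starts (or restarts) the cooldown. */
    void record(String userId, boolean success) {
        if (success) blockedUntilMs.remove(userId);
        else blockedUntilMs.put(userId, clock.getAsLong() + cooldownMs);
    }

    /** Returns "OK", "FAILED" or "RETRY_LATER". The PIN is passed through and never logged. */
    String charge(String userId, String serial, String pin, Telco telco) {
        if (remainingMs(userId) > 0) return "RETRY_LATER"; // rejected without calling the telco
        boolean ok = telco.charge(serial, pin);
        record(userId, ok);
        return ok ? "OK" : "FAILED";
    }

    public static void main(String[] args) {
        long[] now = {0};        // fake clock
        int[] telcoCalls = {0};  // counts how often the telco is really contacted
        FailedChargeThrottle throttle =
            new FailedChargeThrottle(Duration.ofMinutes(2), () -> now[0]);
        // Constructed sample card: serial S0001 with PIN 4821907736.
        Telco telco = (serial, pin) -> {
            telcoCalls[0]++;
            return serial.equals("S0001") && pin.equals("4821907736");
        };

        // t = 0 s: wrong PIN, the transaction fails and the cooldown starts.
        System.out.println(throttle.charge("gamer42", "S0001", "0000000000", telco));
        // t = 30 s: even the correct PIN is refused while the cooldown is running.
        now[0] = 30_000;
        System.out.println(throttle.charge("gamer42", "S0001", "4821907736", telco));
        // t = 120 s: two minutes have passed, so the attempt reaches the telco.
        now[0] = 120_000;
        System.out.println(throttle.charge("gamer42", "S0001", "4821907736", telco));
        System.out.println("telco calls: " + telcoCalls[0]);
    }
}
```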

Testing and deployment

Unit test: I used junit to create test cases. For example, one test case I created: checking the validity of a card's serial and PIN.

Integrated test: After passing all of the test cases, I made an integrated test on the new product (including old and new test cases).

We also applied the same approach as in the Online Banking project for testing and deployment. After deploying and testing on the sandbox environment, we deployed on the production environment. But at this step, our current product was running on live servers, so to avoid the risk of crashing the system, we decided to deploy the new version on the same servers but on a different port. Because Weblogic server supports this feature very well, I only needed to build the war file, deploy it and configure some properties. If everything was good, we would back up the current system and deploy the new version on the production environment with five minutes of down-time. At this step, I was responsible for checking the log and transactions, testing the business rules and monitoring the results returned from the telco. After that, I modified the API documents and published them to partners again.

3.3 Monitor and Report

Because our product serves millions of users all the time, it's important to monitor the system frequently. We built tools for monitoring services. Some of the rules we monitor: if errors occur, the system notifies the list of involved members by email and SMS. When my team got a system alert notification, we would collaborate with the Network team to check the network and view the log to determine the reason and solve it. We used a VPN to connect to the company's local network when outside of the company.

Besides, we were also responsible for reports such as daily, weekly and monthly revenue reports for the boss, sales, ... We separated this task into two parts:

- I was responsible for creating web services to get the data: I used Java and MySQL to implement this task. I created stored procedures in MySQL to query the necessary data for the reports. Then I published these results through an API built in Java.
- My colleague would use my API to display the results, such as charts, report forms, report files, ...

3.4 Method and used tools

Netbeans: I used Netbeans as the IDE for coding. Netbeans is free, open source and supports most popular programming languages such as Java, PHP, HTML, ...

Git: I used git for source version control. Git is a free and open source distributed version control system. I used the tortoisegit tool as the GUI for git version control.

HeidiSQL: a GUI tool for managing databases such as MySQL, PostgreSQL, ... I used HeidiSQL to manage the MySQL database.

Redmine: an open source project management web application. We used this tool for bug tracker management.

OpenVPN: an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections. I used this tool to connect to the company's local network via VPN when outside of the company.

Chapter 4 Conclusion

During my working period, my team and I built and integrated two online payment methods, ATM cards and top-up cards, into our company's payment gateway. I joined all the stages in these projects, such as getting requirements, analyzing business, designing the system, implementing, testing and deploying. It helped me understand the project life-cycle more deeply. Besides, I also applied much of the knowledge that I learnt from the Master course of PUF to my work. I feel happy because what I learnt in school was helpful in the working environment.

Although our services were published and running on live servers, we still encountered some issues:

- For ATM card payment, we were asking telcos to implement all steps at our payment gateway (not redirecting to the telco's site) through web services. This will reduce the risk of an interrupted connection when redirecting from the telco's site back to our payment gateway through the 3G mobile network.
- For top-up card payment: because our service has to process hundreds of thousands of transactions every day, our database is getting larger and larger. So, we were going to partition the database in the near future.


Appendix

Figure 1: Online Banking project's transactions

Figure 2: Top-up Card project's transactions

Figure 3: Query transaction's status