Here at Howard Development & Consulting, we do more than the day-to-day development work. We take it to the next level with brainstorming, idea creation, and finding business solutions that go beyond the obvious and defy the traditional “checklist” types of tasks.
Today, I’ll be digging into a solution we created for a large network of restaurants located in different states. They shared one central web presence, but from a financial standpoint there were seven different business entities at play. This group of seven businesses wanted to sell gift cards via their central web site, and we were faced with the challenge of making this transaction seamless for both the customer and the staff at the restaurants processing the orders.
For a typical implementation, we would just pop in WooCommerce, pop in payment processor like Stripe or Authorize.net, and we’d be good to go.
However, in this case the seven different restaurants needed to use seven different merchant accounts, based on which gift card the customer was buying. And on top of that, different people needed to get notified to process the payments at each different restaurant. So we had seven businesses under one roof, but to the end user we wanted to present it as a simple, united e-commerce shop. This would allow people to buy one or more gift cards, and behind the scenes, have that be processed appropriately and have only the proper people notified of the order.
The first thing we built was a custom WooCommerce solution specifically for the sale of gift cards, which can have a custom dollar amount applied to them. We used a plugin called Name Your Price to accomplish this, and integrated some other plugins that allowed us to skip through unnecessary steps, such as the “review your cart” page. In this implementation, the first thing the customer sees is an option to choose one of the seven restaurants. The next thing is the option to enter any number for the value of the card they’ll be purchasing. And then, we jump right into checkout.
At this point, the key is that we need to receive the credit card data securely while also being able to hold it in a way that makes it possible to pass it to one of seven different recipients. At the actual physical store, they’re going run that credit card through their brick-and-mortar merchant account, not through a web API like Stripe or Authorize.net (both of which are very common for our WooCommerce implementations).
To accomplish the seven different sets of notification recipients, we integrated a WooCommerce plugin called Advanced Notifications. That allowed us to go through on a product-by-product level and define which products were going to alert which people when there was a sale.
Next, we wanted to hold those credit card numbers, but we could not actually store them on the server because the hosting solution was not PCI compliant, which is the minimum standard to which credit card companies hold themselves for security. It’s very expensive to adhere to PCI compliance – at a minimum, hundreds of dollars per month for your hosting, plus the incalculable risk of holding those cards and being liable if a breach were to occur. It didn’t make sense for this client to invest that much just to store a handful of credit cards for their gift card transactions.
To solve this problem, we integrated and customized a plugin called Offline Credit Card Processing for WooCommerce. That works around the PCI compliance issue by storing eight of the card’s digits on the server, and shooting the other eight out to you via email. This method obscures and separates that data, so if the server gets breached, nobody has the full credit card, and if your email gets breached, nobody has the full credit card. This creates a safe way for us to transmit credit card data to each individual at each restaurant, without needing to have a super-complex hardware setup for securely storing credit cards.
Finally, we updated the email notification settings using custom-developed code to modify the Offline Credit Card Processing plugin. “If it’s restaurant A, send it to this email address, restaurant B, send it to that email address.” The result is the client doesn’t need to have a huge, complex hosting system just to hold some credit card data. And they’re able to use their existing brick-and-mortar credit card processing accounts, just as they have for direct purchases in the past, which makes life easy for them from an accounting standpoint.
We have created a system that is not only secure and easy to use in terms of the company’s internal workflow, but presents a simple, cohesive front-end to visitors. The customer has no idea that there’s so much going on under the hood – and we like to think the most elegant solutions are the ones the end-user doesn’t even realize are there.