Since the integration mode impacts the merchant's PCI-DSS responsibility, it should be selected based on the merchant's needs and ability to handle bank data.
- The widely recommanded hosted-fields mode allows a (almost) total customization of the payment page without involving the merchant's PCI-DSS responsibility. (SAQ-A)
Advantage(s): extremely customizable, minimal PCI-DSS responsibility.
- The hosted-form mode (Form redirect), consists in redirecting the user to a form hosted by Dalenys, either in full page or in an iframe. The use of a standard template does not imply any PCI-DSS liability of the merchant (SAQ-A), on the other hand the use of a customized template generates a moderate responsibility (SAQ-AEP).
Advantage(s): turnkey, quick to set up.
Disadvantage(s): imposed HTML code.
- The server to server mode (Direct-link) consists of the merchant designing and hosting the entire payment form, and providing Dalenys with the bank card information during the transactions. Only merchants who can justify a full PCI-DSS audit (SAQ-D) are allowed to use this integration mode. The Client Side Encrypion (CSE) option, however, limits the PCI-DSS responsability of the merchant. (SAQ-AEP)
Advantage(s): free creation, internalization of the payment tunnel.
Disadvantage(s): high PCI-DSS responsability.
More information on the technical aspects of integration can be found in the "Integration modes" section of the documentation.