What has changed
If you have embedded WebCollect within a page(s) of your website, members can now complete the entire checkout process in embedded mode. There are a couple of exceptions, where members visit third party sites (Paypal or GoCardless) during the checkout process. See embed URL section below.
Staying in embedded mode all the way through checkout makes the process more seamless for the member. They remain "on your website", retaining the familiarity of where they are.
We have also made some slimmed down the header section, so that the embedded section fits more neatly into your webpage. We have removed the WebCollect logo at the top of the page, so that it's not a distraction. (Note: That means you need to tell your members how wonderful WebCollect is, because they may not even realise that they are using it).
Why has it changed?
A few months ago, we moved WebCollect to sitewide encryption, using https for all WebCollect pages. You may have noticed that a few other websites have done this (Google and Facebook are good examples). This is in recognition that full encryption is more secure, and you will see many more websites make the change in the coming months. Click here for details.
Now that WebCollect is fully encrypted on all pages, it made more sense to keep the member in the embedded mode throughout the checkout process where possible.
Do I need to make any changes as administrator?
Embed URL
We have added a new field in the Configuration tab on Customise Your Organisation called Embedded Frame URL. This is particularly important for organisations that are using Paypal and Online Direct Debit payment methods, plus embedded mode. Where the member pops out of embedded mode to go to Paypal or GoCardless, once they have finished adding their details, we need to know where to send them back to on your website, so that we can put them back into embedded mode again.
You need to provide the url (webpage address) of the page on your site, where you have embedded your WebCollect pages. If you have embedded WebCollect in multiple pages on your site, pick the one that is most appropriate for members to return to, once they have completed checkout. Make sure you include the full url (including the https:// at the beginning).
If we don't have the url to pop the member back into embedded mode, then we will show them the final checkout page on WebCollect without embedding. Not a problem, but it won't look the same.
Consider making your website https
We do however recommend that you consider changing to full site encryption (if you haven't already) for 2 reasons:
- It has become best practice, and leading companies are strongly encouraging sites to switch to https everywhere to prevent certain types of security attacks, such as Firesheep. See here for details.
-
The member's interaction with WebCollect within the embedded iframe is fully secure, regardless of whether your website is secure. That's because all WebCollect pages are https, and backed by an SSL certificate. That is no different to how it was before. What has changed though, is that the member, during checkout, remains within your website, which may not be https. That doesn't make it insecure, but it might flag up a warning to someone who knows enough about security to look for the closed lock symbol, but may not have knowledge about security within iframes.
By making your website https throughout, supported by an SSL certificate, you will be following best practice, and reassuring your members that you consider security to be important.
For organisations that start using the embedded feature
after October 2014
Please click here for the full details on embedding WebCollect in your site