This is a review for the Fontis DPS Magento Extension which is very widely used in New Zealand for credit card transactions. As a member of the Auckland Magento Users group I find I am often talking to people about the extension, and even more often wondering about how it could be made better. In this review I’ll be looking primarily at the DPS PxPay functionality, the PxPost functionality is becoming increasingly hard to access here in New Zealand, as banks are becoming more wary of credit card fraud. If you follow my blog, you’ll know I’m doubtful of the future of on-site credit card processing, I think eventually, for usability and security reasons, large credit card payment providers will host most of the transactions.
On to the review. Firstly, let me preface this review with this: the Fontis DPS extension is very widely used, and it does a perfectly adequate job of taking credit card payments in New Zealand. Out of the box this extension works very well, with minimal issues (unless you use Magento version 1.4 – but we’ll cover that soon).
With that said though I think there are three key areas of improvement or that deserve clarification.
Things I Didn’t Like
The user experience when a transaction fails is really not very pleasant. A failed transaction (for something as simple as a fat-finger typo on the expiry date) will see you kicked back to the Magento store, on a sparse, uninformative failure page. Worse still, if you still want to buy then you have to go to the cart and start over again. Let’s hope you chose not to checkout as a Guest!
Not one to moan about a problem and not offer a feasible solution, in the case of the failed transaction I firstly need to acknowledge that DPS could help by doing more basic data entry checking themselves, instead of outright failing the transaction. But if we have to work within the constraints then we could make things easier for the user in two ways:
- Remember their details and drop them on to a failure page that can shortcut them through to a later part of checkout
- Show a useful error message (the result of which can be decoded from the DPS failure url) like “Sorry the expiry date you entered on the DPS website was invalid, please click here to proceed to checkout again.”
This would require that the complete integration prescribed by DPS was undertaken, which in the current Fontis extension is not the case. Until then the customer will not get useful error messages, and as a result the usability improvements won’t be possible.
Another thing I didn’t like very much with the PxPay integration is the lack of refund automation. I understand this is a DPS limitation more than it is an extension limitation, so I’ll make this more of a clarification point than a complaint. Some payment providers allow you to programmatically cancel and refund (sometimes partially) the credit card transaction from within Magento. This saves the burden of then logging in to the payment gateway website to initiate the refund and keep the store in-sync with your gateway. With DPS this is not possible, so when using DPS for your Magento payment provider, you will have to remember to firstly issue the credit in Magento, and then head over to DPS to actually refund the money.
This same limitation applies to the ‘Authorize then capture’ style of credit card payment, where you reserve the card funds first, then sometime later (e.g. when you know you have the product available) charge the credit card and ship the goods. It is not supported in the API for PxPay, and so unavailable through Magento in the usual Invoice to charge the card paradigm.
The last issue is the admin created orders cannot be charged to a card. This again is a limitation of the DPS API as much as it is a problem with the extension. The extension doesn’t currently allow you to use a credit card (that you took over the phone for example) to pay for an order. As with refunds, you have to log in to DPS and process the payment through a virtual terminal.
I would like to see this changed to the same sort of redirect flow a customer experiences, when making payment. The only issue I see with this is that DPS may incorrectly characterize the multiple-cards-one-IP -address access pattern as fraud, but surely that could be dealt with so that store admins can have a seamless backend order process.
DPS, Magento and version 1.4
I’ve been testing the Fontis DPS extension on version 1.4 and have found a couple of issues with it. The most annoying is that the notion of enabled is ignored in the new version, so that even if PxPost is disabled, it will show up during customer checkout. There is a fix for that described on the Magento forums, thanks to fellow MageBase contributor, Robert.
That’s my review complete, the summary for those that skim read is: the extension works, but it could work better and it could work great if DPS also improved their PxPay API – c’mon guys it’s the 2000′s now! I’d be very interested to hear from other DPS and Magento users on this subject, let me know how you find the extension for day-to-day use.
Originally published on magebase.com. Copyright © 2010 Magebase - All Rights Reserved.
Proud members of the 
Hey Ashley, a very timely review. I have been considering Magento over another solution I have used for a while – Magento just seems more complete, and with me dealing mainly with NZ clients, it’s good to know how Fontis integrates with DPS from someone who’s had the experience. Cheers!
It’s really easy to pitch in and make the updates you need – it is the nature of open source after all. Someone creates something for free, you use it, you improve on it and share it with everyone else. I’ve subscribed to your RSS as I’m really looking forward to see the updates you make.
Great to hear you’ve subscribed Billy, we definitely have some helpful functionality for DPS users in the works – so stay tuned.
Sadly, it seems Fontis is neglecting their DPS extension, I submitted a simple security patch to them nearly 2 months ago and it appears they have not updated the Magento Connect extension since January. Security patches are tricky, releasing the code in public, would only serve to explain the workings of it, and not help the unprotected stores.
Open source is great, but not if the maintainers let you down when the rubber meets the road.
Great review thanks Ashley. Yes we have had similar queries from our Magento customers using the Fontis module. We developed our own DPS PxPay module when Magento first came on the scene and have made steady improvements to it since then. The PxPay API has the ability to authorise a payment with DPS, we use this in our own module. We haven’t yet built in the ability to then complete the payment from within the order form, but I’m sure that this could be very easily accomplished.
I may have a look at the Fontis module and see if I can tweak it for authorizing and completing using the API.
Can you please send me the security patches if Fontis haven’t included these? Or do you think that it’s best to contribute to the magebase module?
Hi, Quentin – Definitely check out Kristof’s DPS extension, it’s very thorough and includes the security fixes for problems with the DPS extension. I See Fontis _still_ have not updated their extension, so the vulnerability remains un-patched. I’ll flick you an email with my patch for fontis, in case you have the same issue in your implementation (though I doubt it).
awesome review, testing Kristof’s extension this week..
Thanks Ashley, Kristof’s DPS extension works great.