Knowledge Base

With the rise of e-commerce today, the ability to receive payments through websites has become critical. Understanding which payment infrastructure a website uses is important for both security assessment and competitor analysis. This article will examine in detail the various methods you can use to find out the payment infrastructure of a website.

1. Introduction

Websites use different payment infrastructures to offer their users various payment methods. These infrastructures can range from credit card payments to mobile payments, virtual wallets to bank transfers. Knowing the payment infrastructure a site uses is beneficial for both technically knowledgeable people and ordinary users. For example, a developer may want to optimize integration processes, while a user may want to assess payment security.

2. Basic Methods: Browser Tools and Source Code Review

2.1. Using Developer Tools

Most modern web browsers offer powerful tools for developers. These tools allow you to examine a web page's source code, network traffic, and other technical details. You can use these tools to understand the payment infrastructure.

• Network Tab: Open the "Network" tab in your browser's developer tools. Examine the HTTP requests made during the payment process. In particular, focus on requests made to the payment gateway. The URLs of the requests can provide clues about the payment infrastructure used. For example, URLs with domain names such as "stripe.com", "paypal.com" or "iyzico.com" indicate that the respective payment infrastructures are being used.
• Source Code Review: View the source code of the web page (by right-clicking and using the "View Page Source" option). In the source code, look for JavaScript files, API keys, or other identifying information belonging to the payment infrastructure. Pay particular attention to external resources located within <script> tags.

<script src="https://js.stripe.com/v3/"></script>
<script>
  // Stripe.js integration code here
</script>

The example above is a JavaScript code snippet showing that the Stripe payment infrastructure is being used.

2.2. Examining the Payment Page

Carefully examining the payment page can provide important clues about the payment infrastructure used.

• Logos and Brands: On the payment page, you may see brands such as credit card logos (Visa, Mastercard, American Express) or payment infrastructure logos (PayPal, Stripe, iyzico). These logos indicate which payment methods are supported and which infrastructures are used.
• Security Certificates: There should be a lock icon in the address bar of the payment page. This indicates that the page is protected by an SSL (Secure Sockets Layer) certificate. By examining the details of the SSL certificate, you can check the organization that provided the certificate and the validity period of the certificate.
• Privacy Policy and Terms of Use: There should be links to the privacy policy and terms of use on the payment page or at the bottom of the website. By reviewing these documents, you can learn about how payment transactions are processed and which third-party services are used.

3. Advanced Methods: Network Analysis and API Requests

3.1. Monitoring Network Traffic (Wireshark)

For a more in-depth analysis, you can use network analysis tools such as Wireshark. Wireshark captures all network traffic passing through your computer and allows you to analyze it. By capturing the network traffic during the payment process, you can examine the data sent to the payment infrastructure and the responses received. This method is especially useful for unencrypted (HTTP) traffic. However, since most payment transactions are now done over HTTPS, it may be difficult to read data directly with Wireshark.

3.2. Monitoring API Requests (Postman)

If the website communicates with the payment infrastructure using an API (Application Programming Interface), you can monitor API requests using API testing tools such as Postman. These tools allow you to view the data sent to the API and the responses received. The URLs and data formats of API requests can provide important clues about the payment infrastructure used.

// Example API request
POST /v1/charges HTTP/1.1
Host: api.stripe.com
Authorization: Bearer sk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Content-Type: application/x-www-form-urlencoded

amount=2000
currency=usd
source=tok_visa
description=Example charge

The example above shows a payment request made to the Stripe API. The "Host" header and the API path ("api.stripe.com/v1/charges") clearly indicate that Stripe is being used.

4. Third-Party Tools and Services

4.1. BuiltWith and SimilarTech

Web technology detection tools such as BuiltWith and SimilarTech automatically analyze the technologies used by a website. These tools can identify various technologies used by the website (CMS, analytics tools, advertising platforms, etc.), including payment infrastructures. These tools usually require a paid subscription, but they also offer free trial versions.

4.2. Web Analytics Platforms (Google Analytics)

Some websites track payment transactions using web analytics platforms such as Google Analytics. In Google Analytics, if the "E-commerce Tracking" feature is enabled, data related to payment transactions (transaction amounts, payment methods, etc.) is recorded. By examining this data, you can gain information about the payment infrastructure used.

5. Comparison of Payment Infrastructures

There are many different payment infrastructures available in the market. Each has its own advantages and disadvantages. The table below compares the basic features of some popular payment infrastructures.

6. Real-Life Examples and Case Studies

6.1. Example 1: A Small E-Commerce Site

A small e-commerce site uses Stripe as its payment infrastructure. In the website's source code, there is a reference to Stripe's JavaScript library. Additionally, Stripe's logo and credit card logos (Visa, Mastercard) are displayed on the payment page. Network analysis performed in developer tools shows that payment transactions are sent to "api.stripe.com".

6.2. Example 2: A Large Online Store

A large online store uses both PayPal and iyzico as its payment infrastructure. On the payment page, users have the option to pay with PayPal or by credit card. Users who choose to pay by credit card are redirected to iyzico's payment page. The website's privacy policy refers to the data processing policies of both PayPal and iyzico.

7. Frequently Asked Questions

• 7.1. Why is it Important to Know a Site's Payment Infrastructure?
• Knowing a site's payment infrastructure is important for conducting security assessments, performing competitor analysis, and optimizing integration processes.
• 7.2. How to Integrate Payment Infrastructure?
• Payment infrastructure integration is usually done using an API or SDK (Software Development Kit). Each payment infrastructure has its own integration documentation. By following this documentation, you can integrate the payment infrastructure into your website or application.
• 7.3. Which Payment Infrastructure is More Secure?
• All reliable payment infrastructures are PCI DSS (Payment Card Industry Data Security Standard) compliant. PCI DSS is a set of security standards designed to ensure the secure processing of credit card data. You can assess the security of a payment infrastructure by checking whether it is PCI DSS compliant.
• 7.4. How to Choose a Payment Infrastructure?
• The choice of payment infrastructure depends on your business's needs and goals. You can choose the most suitable payment infrastructure for your business by considering factors such as supported payment methods, ease of integration, pricing, security, and customer support.

8. Conclusion and Summary

Learning about a website's payment infrastructure is possible using various methods. Browser tools, source code inspection, network analysis, monitoring API requests, and third-party tools are the main methods that can be used for this purpose. Each method has its own advantages and disadvantages. Therefore, you can perform a more comprehensive analysis by using different methods together. The choice of payment infrastructure depends on your business's needs and goals. You can choose the most suitable payment infrastructure for your business by considering factors such as security, pricing, ease of integration, and supported payment methods.

9. Step-by-Step Instructions (Stripe Example)

Here's a step-by-step example of how to find out a website's payment infrastructure using Stripe:

1. Visit the Website: Visit the website you want to inspect.
2. Open Developer Tools: Open developer tools in your browser (Usually with the F12 key or by right-clicking and selecting "Inspect").
3. Go to the Network Tab: Click on the "Network" tab in the developer tools.
4. Start the Payment Process: Start the process of purchasing a product or service on the website and go to the payment page.
5. Inspect Network Requests: In the Network tab, inspect the HTTP requests made during the payment process. Focus on requests with domain names like "stripe.com" or "api.stripe.com".
6. Inspect Source Code (Alternative): View the source code of the web page (by right-clicking and selecting "View Page Source"). Look for references to Stripe's JavaScript files, such as <script src="https://js.stripe.com/v3/"></script>.
7. Inspect the Payment Page: Look for branding on the payment page, such as the Stripe logo or credit card logos (Visa, Mastercard).

10. Security Measures and Things to Consider

• SSL Certificate: Make sure the payment page is protected with an SSL certificate. There should be a lock icon in the address bar.
• PCI DSS Compliance: Check if the payment infrastructure you are using is PCI DSS compliant.
• Privacy Policy: Read the website's privacy policy and terms of use.
• Suspicious Activities: If you detect suspicious activities or errors, contact the website administrators or the payment infrastructure provider.

11. Comparison of Payment Methods

Different payment methods differ in terms of user experience, security, and cost. The table below compares the basic features of some popular payment methods.