Overview

The Scotiabank Commerce payment gateway module developed by Caribbean New Media provides a secure and efficient way to process payments in Drupal 9+ Commerce. It is a custom offsite payment integration designed specifically for businesses in Barbados and the wider Caribbean region that rely on Scotiabank’s online payment infrastructure.

Module Architecture

The module follows Drupal’s Commerce Payment API standards, ensuring compatibility, maintainability, and future scalability. It introduces a new offsite payment gateway plugin (scotia_commerce) that handles the full payment lifecycle:

  • Payment Initialization – Redirects customers to Scotiabank’s secure hosted payment page.

  • Offsite Processing – Scotiabank handles sensitive data entry (credit/debit cards) outside the merchant’s server, reducing PCI scope.

  • Response Handling – The module validates and processes the gateway’s response, updating the order status in Drupal Commerce.

The integration is built around these key components:

  • PaymentOffsiteForm.php – Generates and submits the payment form.

  • OffsiteRedirect.php – Handles the redirection to Scotiabank’s secure checkout.

  • OffsiteRedirectController.php – Processes return responses and updates orders.

  • Config Files – Define gateway defaults such as test mode, redirect method, and sandbox environment.

Ready-to-Use Configuration

Unlike many generic payment modules, this integration is pre-configured with defaults that simplify deployment:

  • Runs in TEST mode out of the box for safe validation.

  • Uses a sandbox environment for trial transactions.

  • Supports POST redirect method for secure data transfer.

  • Built-in gateway entity configuration ensures instant setup inside Drupal Commerce.

Merchants simply update their Store ID and Shared Secret provided by Scotiabank, and the payment gateway is ready to process transactions.

Testing & Debugging

The module also includes built-in testing routes to help developers verify setup quickly:

  • Gateway Test Route (/scotia/commerce/test-gateway) – Simulate direct gateway calls.

  • Payment Response Route (/scotia/commerce/payment/test) – Debug sample responses locally.

For advanced validation, external tools like HMAC SHA256 hash generators and parameter checkers can be used to confirm request signatures.

Security Highlights

  • HMAC SHA256 Hashing ensures integrity and prevents tampering of requests.

  • Offsite Payments keep sensitive customer data on Scotiabank’s servers, reducing PCI compliance burden.

  • Sandbox & Production Modes allow businesses to test safely before going live.

Workflow in Action

  1. Customer checks out and selects Scotiabank Commerce.

  2. The module builds a secure offsite payment form.

  3. The customer is redirected to Scotiabank’s hosted page to enter payment details.

  4. Scotiabank processes the transaction and returns a signed response.

  5. The module validates the response and updates the order status in Drupal Commerce.

Key Benefits

  • Seamless Integration with Drupal Commerce checkout flows.

  • Secure, Reliable & Region-Specific – built for Caribbean merchants.

  • Future-Proof & Flexible – easily extended for custom business needs.

  • Faster Time-to-Market – ships with defaults for quick deployment.

Conclusion

The Scotiabank Commerce payment module for Drupal 9+, built by Caribbean New Media, offers a secure, tested, and region-ready payment solution for businesses in the Caribbean. By integrating directly with Drupal Commerce and leveraging Scotiabank’s infrastructure, it delivers a future-proof e-commerce experience that balances security, performance, and ease of use.

👉 Partner with us at Caribbean New Media to integrate Scotiabank Commerce into your online store and unlock the power of secure digital payments in the Caribbean.

About Project
ecommerce
payment gateway
online payment
custom modules
drupal 9
scotiabank
Share