Jump to content

Question About Payment Gateway For Scratch Built Shopping Cart

shadepergolas
 Share

Recommended Posts

shadepergolas Newbie

shadepergolas

Posted
Posted

Hi everyone,

I am giving myself an ulcer over this....

 

I've built a simple ecommerce site for a client who will be selling a product out of the United States. All aspects of the site are in place and are working. The client has an existing Merchant visa account and they want to be able to process the online orders they receive through this merchant VISA. I have purchased an SSL and secure server with TotalChoice. Now I need to know how to get the Credit Card information to my customer in the States SECURELY. I am assuming I need something like Verisign to do this? But I am totally new to all this. In the past, I have gone through Paypal, but this customer doesn't want to do that because the online items are quite expensive and they will lose a lot through the commission Paypay charges.

 

Can anyone offer me some clarity on how this secure transfer of information needs to happen and maybe offer some advice on which company is a good one and what I should be asking for? Thanks so much. I'm losing sleep over worrying about this!

Link to comment
Share on other sites
OJB Rising Star

OJB

Posted
Posted

You need to look into online payment processors.

 

A few examples of some are:

 

SecPay (paypoint)

SagePay (formally Protx who I myself have integrated with successfully in the past)

WorldPay

 

 

What you tend to have to do is send a HTTPS POST to their gateway with the details they require and they process the payment for you and send you back a secure response which you then process your end to update your database records.

 

Some of them even host the payment screens for you, so you don't have to build those yourself.

Link to comment
Share on other sites
shadepergolas Newbie

shadepergolas

Posted
  • Author
Posted

Thanks for your reply OJB. I have been checking out SagePay since you say you have been successful with that in the past. I'm not sure which option to choose though. I don't think we actually want the system to make the payment. I think what the client wants is to receive the credit card number in their store and manually put it through. I have my own pages to capture client info and credit card info and can store this information in my own database. I just need SagePay to provide me with a secure way to pass this info to client. I'm not familiar with a lot of the terminology they are using so I'm not sure which option to choose. Rather than spend a couple of hours trying everything out, I was hoping you would remember the options and tell me which one I would use. The options are Form, Direct or Server. I'm thinking it's probably Form, but again, I'm not sure. Any advice?

 

Thanks so much for the help you've given me so far in guiding me!

 

 

 

 

 

You need to look into online payment processors.

 

A few examples of some are:

 

SecPay (paypoint)

SagePay (formally Protx who I myself have integrated with successfully in the past)

WorldPay

 

 

What you tend to have to do is send a HTTPS POST to their gateway with the details they require and they process the payment for you and send you back a secure response which you then process your end to update your database records.

 

Some of them even host the payment screens for you, so you don't have to build those yourself.

Link to comment
Share on other sites
OJB Rising Star

OJB

Posted
Posted

I'm not sure about how you were planning on storing the details nor the laws in your country but what you are suggesting I think is illegal in my country. You are not allowed to store credit card details of a customer in a database UNLESS they are encrypted. So what you would have to do is encrypt the credit card details (number, CV2 code, expiry date) with a private key and give a public key to your client and pass the data encrypted to them for them to decrypt. Something similar to this:

 

http://en.wikipedia.org/wiki/Public-key_cryptography

 

I am no security expert nor do I know the laws in and out but I would be careful with storing CC details.

 

 

When I integrated with SagePay it was to have them process the payment their end, therefore I don't really know what to suggest. Sorry about that.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...