Page 1 of 1

Payments

Posted: Thu Dec 08, 2011 5:38 am
by YoussefSiblini
Hi,
What I want to do is:
Create a website where people can upload products and sell them. So how does the process work, how do the payments go directly from both bank accounts.


Youssef

Re: Payments

Posted: Thu Dec 08, 2011 6:19 am
by social_experiment
http://www.webpayments.ie/web-payments/ ... ments-work
You can also google using "Online payments; how do they work?" as search phrase. Hth

Re: Payments

Posted: Thu Dec 08, 2011 8:50 am
by YoussefSiblini
Thank you for your reply,
I googled it before but they saying about if I want to sell and all the payment will be to my account, but what I want is payments to the customer who is selling in my website.
user 1 upload product to my website to sell it and user 2 buy it (so the payment will be from user 2 account into user 1 account).


Youssef

Re: Payments

Posted: Thu Dec 08, 2011 3:16 pm
by social_experiment
YoussefSiblini wrote:but what I want is payments to the customer who is selling in my website.
user 1 upload product to my website to sell it and user 2 buy it (so the payment will be from user 2 account into user 1 account).
The principle is still the same, the money just doesn't go into your account. For this you would have to store information of the seller which means potential security risks. I haven't look at the url i posted but it should cover this aspect as well

Re: Payments

Posted: Sat Jan 21, 2012 6:37 am
by YoussefSiblini
Hi,
Sorry for the delayed, I was in a holiday.
Would this require an SSL Certificate, or can I use a different methods, tell I am able to get one?

Youssef

Re: Payments

Posted: Sat Jan 21, 2012 8:32 am
by twinedev
Accepting payments is a serious business. Anyone not familiar with PCI rules should take the time to check out:

https://www.pcisecuritystandards.org/merchants/ (general merchant info)
https://www.pcisecuritystandards.org/smb/ (geared to inform small businesses)

There are mainly three ways to process payments:

1. Payment collection is taken care of by 3rd party, (ex. Paypal, Authorize.Net, FirstData, etc) With this method, NO credit card information is accepted by your site. This is the most secure (ie. LEAST LIABILITY for you). Companies given as examples, this is their business, they take most of the liability, they know what rules/guidelines are in place, they are up to date on things. Let them deal with it. Save the headaches! (and yes, you CAN do it an keep it from looking "amateurish", I'm dealing with this now.) NOTE. SSL is NOT needed with this route, but depending on how you are handling checkout, you may want it. (ex. we have the Authorize.Net checkout showing in a lightbox on our site, so we like our final checkout to show secured to the customers).

2. You use SSL, you have a checkout page on your site where you collect their payment data. Behind the scenes your server sends that off to the payment processor and gets a result (either accepted or declined, with other data too), then you site completes the order. With this route, you need to be aware of security for your site, not only physical, but electronically. You have now become the winkest link on Identity theft issues other than what the customer may do.

3. You collect the credit card information, you either store it, or transmit it to be manually processed. DO NOT DARE go this route until you are FULLY aware of the information at the links I gave above. Just to much to go over.

How not to do it: Take the credit card information on a non-secure site, then submit that form via non secure link to a third party form processing company, that both e-mails RAW text the information as well as saves a copy (again raw text) to a database. This is like the trifecta of Payment processing failure. I actually saw a company doing this! I told them unless the payment part was taken off line immediately, I wouldn't do work for them.

A lot of people don't think about what the worse could happen is. Ask a lawyer. Someone determines that their credit card information was compromised by you, while the credit card companies are getting way nice at refunding money to their card holders, people value their time, you can get sued for loss of time, their cost to hire lawyer, their paying for a service for identy theft monitoring for a year.

Still not seem bad? Oh, I payed $5000 to that person.... What if you have 1000 customers. Word gets out, you can be liable for all of them to hae identity theft monitoring, audits of their purchases, and lets face it, there are going to be those people who will try to claim stuff they bought, they didn't. Not to mention, on top of all this, if you merchant account provider finds out... Time to switch providers and/or change business names...

Overkill? exaggeration? Nope, real live examples of what I have seen happen to companies doing things wrong (other than that figure of $5000, that I don't know how much got paid, just know they had to pay all customers that learned of the security breach.)

-Greg

Re: Payments

Posted: Sat Jan 21, 2012 12:46 pm
by YoussefSiblini
Thank you, very much that was so useful,
What I am going to do is:
1- Use 3rd party (PayPal) so when the user have to pay he will be in a PayPal secure page.
2- When the user want to sell product in my website, I will ask him for his PayPal email account and change the <input type="hidden" name="business" value="useremail@xxxxxx.com"> into his email so the money goes into his PayPal account, and the same PayPal will be dealing with this.

In this way the user will be in a secure webpage to pay and I will be in a safe place too.

What do you think about this?


Youssef