accepting credit card payments

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

accepting credit card payments

Post by s.dot »

I'm currently doing a website for a telephone company client. They have their own banks, and setups, and what not. What they don't do is accept payments through their websites.

I've never done a credit card processing script before.
Is it difficult, anything out of the norm from "regular programming"?

Obviously, I'd have to go SSL.

Is this a subject that I shouldn't offer to touch if I've never done it before?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Begby
Forum Regular
Posts: 575
Joined: Wed Dec 13, 2006 10:28 am

Post by Begby »

You will need to get an SSL cert setup on your server for the domain.

Next you will need to work with a third party company that handles credit card transactions. A popular one (albeit somewhat expensive one) is Authorize.net. You will need to work with your client and the third party provider to setup an account to get the funds from the company into their bank using your client's merchant account.

With authorize.net you will look at their handy dandy manual, write some code to create an XML request, then using the PHP curl library open a secure connection to authorize.net to debit the credit card. Authorize.net has a well documented API that you can use communicate with authorize.net and check a credit card for sufficient funds, cancel transactions, setup monthly recurring billing etc. etc.

Some others here can probably suggest other providers as well.

One thing though, DO NOT store any of the credit card numbers in a database ever for any reason. You send them to authorize.net or whatever and let them store them, then you get a transaction code that you store. Don't email them either.

I have had some cheapskate clients press me real hard to setup a system where the credit card numbers would just get mailed to them so they could type them into a machine. I refused and they went to a different developer who actually did it for them. wow.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

I don't trust anyone much with my credit card number these days - either I'll pay via Paypal or if that's not an option I'll purchase a prepaid Visa voucher separately. I'd agree totally with feyd, unless you have a really good reason to record credit card numbers don't store them, not even temporarily. Clients have a habit of seeing them as a list of numbers, and not as a list of €3000+ bills waiting for the next fraudster to cash in...

Authorize.net are expensive, but I've never had any issues using them so I don't mind the expense. It's not an area you skimp on, but I'm sure the next cheapest sources are just as reliable so shop around and check out any independent reviews if you want to assess a few alternatives.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

While I realize I've posted about credit card processing and storage before, I didn't realize that I responded to this thread. 8O

Image
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Temporary lapse ;).
Post Reply