I'm currently doing a website for a telephone company client. They have their own banks, and setups, and what not. What they don't do is accept payments through their websites.
I've never done a credit card processing script before.
Is it difficult, anything out of the norm from "regular programming"?
Obviously, I'd have to go SSL.
Is this a subject that I shouldn't offer to touch if I've never done it before?
accepting credit card payments
Moderator: General Moderators
accepting credit card payments
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
You will need to get an SSL cert setup on your server for the domain.
Next you will need to work with a third party company that handles credit card transactions. A popular one (albeit somewhat expensive one) is Authorize.net. You will need to work with your client and the third party provider to setup an account to get the funds from the company into their bank using your client's merchant account.
With authorize.net you will look at their handy dandy manual, write some code to create an XML request, then using the PHP curl library open a secure connection to authorize.net to debit the credit card. Authorize.net has a well documented API that you can use communicate with authorize.net and check a credit card for sufficient funds, cancel transactions, setup monthly recurring billing etc. etc.
Some others here can probably suggest other providers as well.
One thing though, DO NOT store any of the credit card numbers in a database ever for any reason. You send them to authorize.net or whatever and let them store them, then you get a transaction code that you store. Don't email them either.
I have had some cheapskate clients press me real hard to setup a system where the credit card numbers would just get mailed to them so they could type them into a machine. I refused and they went to a different developer who actually did it for them. wow.
Next you will need to work with a third party company that handles credit card transactions. A popular one (albeit somewhat expensive one) is Authorize.net. You will need to work with your client and the third party provider to setup an account to get the funds from the company into their bank using your client's merchant account.
With authorize.net you will look at their handy dandy manual, write some code to create an XML request, then using the PHP curl library open a secure connection to authorize.net to debit the credit card. Authorize.net has a well documented API that you can use communicate with authorize.net and check a credit card for sufficient funds, cancel transactions, setup monthly recurring billing etc. etc.
Some others here can probably suggest other providers as well.
One thing though, DO NOT store any of the credit card numbers in a database ever for any reason. You send them to authorize.net or whatever and let them store them, then you get a transaction code that you store. Don't email them either.
I have had some cheapskate clients press me real hard to setup a system where the credit card numbers would just get mailed to them so they could type them into a machine. I refused and they went to a different developer who actually did it for them. wow.
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
I don't trust anyone much with my credit card number these days - either I'll pay via Paypal or if that's not an option I'll purchase a prepaid Visa voucher separately. I'd agree totally with feyd, unless you have a really good reason to record credit card numbers don't store them, not even temporarily. Clients have a habit of seeing them as a list of numbers, and not as a list of €3000+ bills waiting for the next fraudster to cash in...
Authorize.net are expensive, but I've never had any issues using them so I don't mind the expense. It's not an area you skimp on, but I'm sure the next cheapest sources are just as reliable so shop around and check out any independent reviews if you want to assess a few alternatives.
Authorize.net are expensive, but I've never had any issues using them so I don't mind the expense. It's not an area you skimp on, but I'm sure the next cheapest sources are just as reliable so shop around and check out any independent reviews if you want to assess a few alternatives.
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
