Page 1 of 1

accepting credit card payments

Posted: Mon Mar 05, 2007 11:36 am
by s.dot
I'm currently doing a website for a telephone company client. They have their own banks, and setups, and what not. What they don't do is accept payments through their websites.

I've never done a credit card processing script before.
Is it difficult, anything out of the norm from "regular programming"?

Obviously, I'd have to go SSL.

Is this a subject that I shouldn't offer to touch if I've never done it before?

Posted: Mon Mar 05, 2007 3:18 pm
by Begby
You will need to get an SSL cert setup on your server for the domain.

Next you will need to work with a third party company that handles credit card transactions. A popular one (albeit somewhat expensive one) is Authorize.net. You will need to work with your client and the third party provider to setup an account to get the funds from the company into their bank using your client's merchant account.

With authorize.net you will look at their handy dandy manual, write some code to create an XML request, then using the PHP curl library open a secure connection to authorize.net to debit the credit card. Authorize.net has a well documented API that you can use communicate with authorize.net and check a credit card for sufficient funds, cancel transactions, setup monthly recurring billing etc. etc.

Some others here can probably suggest other providers as well.

One thing though, DO NOT store any of the credit card numbers in a database ever for any reason. You send them to authorize.net or whatever and let them store them, then you get a transaction code that you store. Don't email them either.

I have had some cheapskate clients press me real hard to setup a system where the credit card numbers would just get mailed to them so they could type them into a machine. I refused and they went to a different developer who actually did it for them. wow.

Posted: Tue Mar 06, 2007 5:35 am
by Maugrim_The_Reaper
I don't trust anyone much with my credit card number these days - either I'll pay via Paypal or if that's not an option I'll purchase a prepaid Visa voucher separately. I'd agree totally with feyd, unless you have a really good reason to record credit card numbers don't store them, not even temporarily. Clients have a habit of seeing them as a list of numbers, and not as a list of €3000+ bills waiting for the next fraudster to cash in...

Authorize.net are expensive, but I've never had any issues using them so I don't mind the expense. It's not an area you skimp on, but I'm sure the next cheapest sources are just as reliable so shop around and check out any independent reviews if you want to assess a few alternatives.

Posted: Tue Mar 06, 2007 8:41 am
by feyd
While I realize I've posted about credit card processing and storage before, I didn't realize that I responded to this thread. 8O

Image

Posted: Tue Mar 06, 2007 10:01 am
by Maugrim_The_Reaper
Temporary lapse ;).