[SOLVED] Online Checking
I'm supposed to make a website for someone, but uh...I don't really know how.
I know how to do everything, except I was thrown when he said he wanted to be able to accept checks. I've never done this or seen this done except at my credit card company website to pay my bills. Can anyone suggest an open source or software that I can use to do this?
I was looking at OSCommerce, but I didn't see the ability to do the checking thing. I don't get how financial transactions work though. I could build a site and a store, and have it be secure, but once I get their information, I don't know what to do with it. All the ones that you pay for, like worldpay or 2checkout charge you per transaction. Is OSCommerce free or how does that work?
I am just very iffy about making my first online store, because there is a lot more pressure working with people's financial information.
Well I'm confident about everything except online checks.
I plan on using OSCommerce after I inspect it more, but shouldn't that be secure? Another option would be one of those services when the shopping cart and everything is done on their server. Wouldn't one of those two options be secure?
I do NOT plan on coding anything myself that directly relates to handling financial transactions or information without a better understanding.
Using ready-made cart software would be fine in general - I can't comment on OsCommerce specifically.
There's a lot of other stuff though. Are you responsible for maintaining a secure server? Or are you using a shared host? You can't. Instead you need some kind of virtual private server or a dedicated host - and expect to pay for it. UML (user-mode-linux) options can be inexpensive but then you will have to maintain the server software, keeping it up to date.
There are other non-software issues. I used to work on an online shop where no matter how many times I complained, the boss used an insecure desktop PC to download cc numbers (it never got kept up to date with Windows critical security patches or had regular virus scans for example) and the machine itself could physically have been accessed by anyone who came into the shop when it was busy and staff were engaged with customers. CC numbers would be left on the web site for months at a time rather than deleting them after downloading.
There's a lot to consider and you need to start with a top-to-bottom security review which covers working practices as well as the hardware/software side. It would be difficult to do all that properly without a solid general knowledge of internet technologies - not to mention the psychology of lazy bosses.
No offense man, but you should seriously listen to McGruff on this. If you have never done this before, you are way over your head. There is no shame in telling a client that you cannot do something. However, when you tell him that you CAN, and you don't secure yourself, you are not only going to leave his customers completely open to attacks, but also leave yourself open to lawsuits.
What I would do if I were you is just tell him you'll build the site and do everything that you had originally intended. Then, tell him that you will work on the online payment system. Tell him it might take you 3 months, might take you 8 months to be able to do it correctly. By doing this, you are not only helping yourself out, but you are showing your client that you are #1, the man for the job, #2 looking out for his interest, and #3, able to adapt to any given situation he may throw at you.
Again, DO NOT attempt to build this site if you don't know what you are doing. You will get screwed in so many ways...
EDIT :: If I'm not mistaken, you may want to consult with Jason on this matter. I think his company specializes in this type of app that you are needing. Maybe he could sell you something, or help you out in some way? If you buy it though, you are gonna have to tell your client it will cost more money to compensate buying additional software to make what you want to do work...
It's true that we do assist webmasters with this sort of thing, and I would be more than willing to discuss this with you, at a business level (In other words, off the boards). I will try to provide a better answer in the near future; however, I have to double check our phpBB installation, apparently bad things are happening. =)
Generally the only way to learn about credit card processing and online checking is to read the documentation for the service that you're going to use in order to do it. They all have different APIs, security systems, and workflow. Anything you could read in a book would a. be extremely general and consequently rather vague, and b. be out of date by the time the book went to press.
Thanks guys. I guess I'll start reading up on the how to's of processing with each service.
For this guy's site, I think I'll just make the store myself or use osCommerce and just send all the dirty work to be done by 2checkout.com. It's one of the only sites I've seen (out of maybe 5) that does the checking like I wanted.
I think it will be better for this guy to pay fees as he goes and not monthly because I really don't see a lot of people buying authentic recreation Civil War clothing.
Thanks for the help everyone.
Apologies if I was too discouraging. What I meant to say was that it's not the sort of thing you ought to learn on the job since mistakes could be catastrophic for the business and your own reputation as a programmer. It's not very fair to the customers either.
To learn, read everything you can find about security re PHP, servers, desktops - everything. As well as creating a solid PHP program you probably should be able to advise clients about what kind of server to set the shop up on (possibly you might even have to manage the server yourself: set up your own Linux partition and muck about with Apache etc) and how to keep the machine/office network where credit card numbers are downloaded secure.
Also, get as much experience as you can building simpler, less security-sensitive websites.
OWASP Top Ten
W3C security FAQ
I would strongly advise integrating a 3rd party billing system for online checks. I have done some programming for the adult biz and they report a high returned check rate. You need a 3rd party billing service that has advanced screening and scrubbing experience.
You might as well tell your client that checks might yield a 30 to 50% return rate (even more if you got no experience with scrubbing) and you might not need to program at all.