Integrating with Payment Gateways
Integrating software with payment gateways can be a
confusing subject.
Different payment gateways offer different options. Options
are given unique and sometimes not-so-intuitive names. Each
gateway has the best options and the best service, according
to their promotional material. And I've never integrated
software with any payment gateway that had customer service
I would brag about.
I'll try to de-confuse it a bit.
A payment gateway is where credit card (or debit card or
check) information is accepted when an online purchase or
other payment is made. The payment gateway consults the
customer's bank or credit provider and obtains a
transaction approval (or disapproval).
Integration can be set up in several ways.
One way is:
- The customer makes purchase choices at the
  merchant's web site.
- The customer is then sent to the payment gateway's
  secure server to provide payment details.
- The payment gateway then returns the customer to
  the merchant's web site.
Another way is:
- The customer makes purchase choices at the
  merchant's web site.
- The customer provides payment details at the
  merchant's secure server.
- Software on the merchant's secure server consults
  software at the payment gateway's secure server to
  obtain transaction approval.
That's the basic idea.
Some payment gateway services use their own credit card
merchant account. They collect the money and give the
selling merchant its share.
Other payment gateway services require merchants to have
their own credit card merchant account. The merchant's bank
collects the money and gives the merchant its share.
Payment gateways almost always have documentation available
covering the specifics of how to integrate shopping cart
software with their generally unique systems.
Although many payment gateway services include fraud checks,
they cannot detect all fraud. And they are no protection from
chargebacks. See http://merchant911.org/ for things you can
do to protect yourself from fraud.
Rolling Your Own
Payment gateways can be bypassed, along with their service
fees, by storing credit card information directly on the
merchant's server. The credit card/debit/check charges are
then manually posted to the merchant's bank.
There is a hazard with rolling your own. A secure server is
no less vulnerable to cracking than a regular server just
because it has an SSL certificate.
Secure servers are called secure servers when they have an
SSL certificate. SSL means Secure Sockets Layer.
The "secure" in secure server applies to transactions with
browsers connected to secure servers. And that's all. It
does not relate to security of the server itself.
Even big companies, who one assumes have a staff dedicated
to the security of their servers, can have break-ins.
If you roll your own, it would be prudent to remove the
credit card and other sensitive information from the server
as soon as possible after the customer provides it.
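
One way to keep that window short, shown as an added example that is
not code from the original article: the order is spooled once, handed
over once for manual posting, and only a masked record stays on the
server. The field names, file layout and function names are assumptions
made for illustration.

```python
import json
import os
import tempfile

SENSITIVE = ("card_number", "expiry")  # assumed field names

def mask(card_number):
    digits = "".join(c for c in card_number if c.isdigit())
    return "*" * (len(digits) - 4) + digits[-4:]  # keep the last four only

def _write(path, record, flags):
    fd = os.open(path, flags, 0o600)  # owner-only file
    with os.fdopen(fd, "w") as f:
        json.dump(record, f)

def store_order(spool_dir, order_id, order):
    """Spool a newly submitted order until the merchant collects it."""
    path = os.path.join(spool_dir, order_id + ".json")
    _write(path, order, os.O_WRONLY | os.O_CREAT | os.O_EXCL)
    return path

def collect_and_scrub(path):
    """Hand the full order over once, leaving only a masked record behind."""
    with open(path) as f:
        order = json.load(f)
    if order.get("scrubbed"):
        raise ValueError("payment details were already collected and removed")
    kept = {k: v for k, v in order.items() if k not in SENSITIVE}
    kept["card_masked"] = mask(order["card_number"])
    kept["scrubbed"] = True
    _write(path + ".tmp", kept, os.O_WRONLY | os.O_CREAT | os.O_TRUNC)
    os.replace(path + ".tmp", path)  # stored record no longer holds the card
    return order

def demo():
    # Constructed order; 4111111111111111 is a widely used test number.
    order = {"item": "widget", "amount": "19.95",
             "card_number": "4111 1111 1111 1111", "expiry": "12/30"}
    with tempfile.TemporaryDirectory() as spool:
        path = store_order(spool, "order-0001", order)
        collected = collect_and_scrub(path)
        with open(path) as f:
            remaining = json.load(f)
        try:
            collect_and_scrub(path)
            refused = False
        except ValueError:
            refused = True
    return collected, remaining, refused
```

Replacing the file removes the details from the order record only;
copies in backups, logs or e-mail need the same treatment.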
Summary
A payment gateway is where either:
- The customer provides payment information for
  approval.
- Or, payment information previously provided by
  the customer is submitted for approval.
The method of integrating software with a payment gateway
is unique for each payment gateway.
Will Bontrager
©2005 Bontrager Connection, LLC