-----Original Message----- From: Gary [mailto:gwpaul@xxxxxxx] Sent: Wednesday, May 20, 2009 8:48 AM To: php-general@xxxxxxxxxxxxx Subject: Accepting Credit Card Payments Sorry, the first postssss were put in the wrong place... Not sure this is a direct PHP question, however I know I will get some answers here. I have a customer that I am bidding a small project for. They want to be able to accept credit card payments for enrollment into a class. Their customer will fill out a form and pay via CC on the site. Is this something that I should just look to the host for whatever shopping cart they have or is there an easy to administer software package that I should look into. Or since it is a one item cart, is this something that I could code? Thanks for your help. Gary Your choices in the US are either use a service like PayPal or to call around and find a merchant service that will approve an account for this activity. The second requires transaction records for the past x years or possibly they may ask for your tax returns for the same period. They also will want to know what your average monthly sales are using CC's and how many charge backs you have. Charge backs are bad. The second MAY be had through the clients bank and they should start there. Since this is a virtual product, nothing tangible is being sold, it is considered high risk and this will limit the companies you can get a merchant account from. The first requires the client to register with PayPal and to go through their verification process. PayPal bought Verisign's PayFlow Pro years ago and as such now offers a more professional option than just the old standard. If the client doesn't have a huge revenue stream yet then PayPal may be their best bet to get started. Once you have settled on the merchant account you then need to determine if you need an SSL, normally if you are applying for a "regular" merchant account they will want to see an active SSL on the site they are approving the account for BEFORE they approve you. Lastly, even though I find PCI compliance to be just this side of worthless, you still should look into it and do your best to make sure the site will at least pass the test. Let me clarify my negative statement by saying that everything that is required in the PCI compliance and DSS I was already doing as a matter of what I considered to be common sense. Marc Hall -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __________ Information from ESET Smart Security, version of virus signature database 4089 (20090519) __________ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
