-----Original Message----- From: tedd [mailto:tedd.sperling@xxxxxxxxx] Sent: Wednesday, May 20, 2009 9:28 AM To: Gary; php-general@xxxxxxxxxxxxx Subject: Re: Accepting Credit Card Payments At 8:48 AM -0400 5/20/09, Gary wrote: >Sorry, the first postssss were put in the wrong place... > >Not sure this is a direct PHP question, however I know I will get some >answers here. I have a customer that I am bidding a small project for. >They want to be able to accept credit card payments for enrollment into a >class. Their customer will fill out a form and pay via CC on the site. Is >this something that I should just look to the host for whatever shopping >cart they have or is there an easy to administer software package that I >should look into. Or since it is a one item cart, is this something that I >could code? > >Thanks for your help. > >Gary Gary: Are they wanting to collect the credit card information and then process that data in their shop OR are do they want the complete transaction to be completed online? In both cases you should have your script(s) work in the https directory. If they want to process the cc information themselves in their shop, then that information has to be provided to them in some secure fashion. If they want to use email, then that's a problem because email is not secure. You will have to work out a way for them to log on to a secure area and review the cc information themselves -- this is a clumsy way to do things. The more acceptable approach is to use a credit card clearing company like PayPal.com. They have different types of merchant accounts which offer different types of processing and features and fees. Go to PayPal.com and check it out. Basically there are two types of collection systems. [1] One where you direct the user to PayPal with the item(s) they want to purchase and then PayPal does everything (i.e., collects the cc information and approves the transaction -- the simplest); [2] Two, where you collect all the information and then contact PayPal for authorization (the more complex). While [1] is simpler [2] allows you to have full control over the user -- IOW, they never leave your site. In both cases, after the user has been approved, you are notified of the purchase, you are are credited with the purchase AND the user is [1] or [2] should be directed to a "Thank you" page. While customers like to say "This is a small project" it really isn't and does come with an element of liability on your part. For example, if you somehow make user cc information public, then you have big-time problems. That's something you should consider in your bidding. Good luck, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com Amending my previous reply, I have to agree with those that recommend you hand this over to someone that has experience doing this. I oversimplified the process I feel due to the fact that I have done this so many times, I even helped debug a few premade API's, it is second nature to me. Before you decide to dive into this yourself, consider this: you are asking normal folks to trust that you will protect their CC and personal information in you and your client. When they commit to making the payment they trust their info won't be subject to identity theft and/or CC fraud. Also, I know what you mean about getting your servers certified. It is a lengthy process. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __________ Information from ESET Smart Security, version of virus signature database 4091 (20090520) __________ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php