Makeing secure credit card transactions

delanest

Hi, I do a bit of web design (XHTML, XML) and also java programming. I want to set up a credit card payment system on a website.

What kind of code do you need to write/buy (SSL etc.)
Do you need to arrange amything with the bank ?
Any other charges?

Just a general run down of how to do this and any costs would be great.

By the way this is just for hobbie purposes and I do not have any commercial purpose in mind

seamus

Afaik, you need to set up an account with either the credit card company or a big Internet payments site (Worldpay, etc) to be able to do credit card transactions. You'll be better off with Worldpay or someone like that, as their charges will be less, they provide APIs to run your credit card checks/authorisation/charging, and if you stick "Worldpay" on your site, then people are assured that you are reputable, rather than "We are an authorised Credit Card charger" or something.

You'll need an SSL cert to run https connections. Some hosting providers insist you get a static IP to run SSL certs, other will allow it on a shared IP, and others will provide shared SSL certs (basically you get a few pages on a different server where the customer fills in their data).

Afaik, there's no difference between coding a secure page and coding a standard page. The securing of the connection is done at the server level, so there's no need for the page code to do any encrypting/decrypting. About the only security coding that need to be done is to ensure at all times that the session is running over a https connection and not an http one.

Under no circumstances should you ever have anyone enter any kind of details (even name & address IMO) to do with a financial transaction unless the page is secure.

TBH, I've never coded any secure system, so someone may be able to correct me where wrong.

madramor

ssl is all handled by the server

so read the documents for your particular server, to set up ssl

then just write the code to process the request containing the card info,as you would any request.

madramor

an easy way to get security on your site is to use Hush Forms
http://www.hushmail.com
this is an applet you can use on your site that encrypts the data entered and sends it to you in a secure mail ,they have phil zimmerman the inventor of pgp as one of their advisors, so they are pretty good.

ressem

There's a few threads on this topic already on boards, mostly in Comp > Web > Web Hosting

If you type 'realex' into the boards search box you'll find some good ones.



There's the completely manual route, where people send credit card info over a secure web page, to be placed into a database. Then you need a credit card approval facility with some bank. Same as CC over the phone.

You've got the paypal/moneybookers route, with fees on transactions only, so customer has to subscribe through a third party. Payment notification by email or whatever.

There's the worldpay route, internet merchant a/c, holds your money for 4 weeks or so.

There's the pro route of getting a merchant account (the realex/clikpay euroconex route mentioned in many forum articles, that is pretty strict).

Any other charges, plenty,
withdrawal fees, cross currency fees, basic monthly payments, transaction fees, added security/insurance fees.

I want to set up a credit card payment system on a website....By the way this is just for hobbie purposes and I do not have any commercial purpose in mind

:rolleyes: