Questions about e-commerce site.

techguy

Hi,

I may have a web project coming up that will involve a shopping cart and online credit card payments etc.

Just wondering about how this is achieved.

Here's what I currently know:

Paypal can be used as a simple payment gateway.
More professional sites use services like Realex etc..
You don't need to develop a shopping cart as most hosting providers include this.

For security you must have an SSL connection (shared?) and possibly a dedicated IP.

Just wondering how they are all linked together securely. I'm experienced with PHP, MySQL. But, do you need to have experiece in secure programming or is that only when you start programming your own carts etc.?

Also, how are orders and accounts etc managed? I'm sure all this is taken care of by the shopping cart application..

TIA!

Trampas

I have created apps which currently use realex.

might be able to give you some help if you decide to use them

techguy

Trampas wrote: »

I have created apps which currently use realex.

might be able to give you some help if you decide to use them

Cool, thanks.

I've been doing a little research and I think I may go with Cubecart and Realex. Provided there is a support for Realex.

Have you any opinions on Cubecart? Would suggest something else. I know The likes of Cubecart, Zen Cart and OS Commerce are widely used but tbh, i'm quite sceptical about using and free/open source cart system. Would I be better of with a commercialised product?

I think after that I need to check out SSL and certs etc.. I think I'll probably need a dedicated IP also, yes?

Eoin

You don't need SSL if you are using their payments page (realex redirect).

drunkmonkey

There's loads of support out there for zen cart, if your going to process the payment on the customers site you'll need to get an SSL which usually come with the dedicated ip.
Relex and Sage Pay both have forums options if you want to process the transations off the customers site.
Also have a look at magento, it's pretty heavy on server power but looks pretty good, but if you need help online there's a huge zen community and developers out there to help you, it'll also be very easy for the customer to manage themselves.

techguy

eoin wrote: »

You don't need SSL if you are using their payments page (realex redirect).

Great, so the customer will briefly be redirected to some http://*.realex.com to input cc info. Then once it is authorized the customer is redirected to my page?

Does that mean the only thing I need to worry about is keeping my cart secure i.e having the latest version and patches installed etc?


Do you think I should be capable at setting this up or else just leave it to the pro's ? I am experienced with PHP, MySQL etc and from what I have been reading all you need is a bit of PHP to link the cart and payment gateway..am I being too optimistic here?

drunkmonkey

If your a bit concerned about setting up the payments yourself leave it to the pro's to integrate, it won't cost that much, it might be worth it in the long run.
One thing the customer needs to take into serious consideration is fraud, what are they going to be selling? Could it be targeted by fraudsters, charge backs are one of the nastiest things that can happen to e-merchants but are quite common especially using pay pal as the payment gateway, the retailer has 0 protection.
Look into 3D secure it passed the liability onto the bank from the retailer but it's still a bit of pain for shoppers on the website.
The sooner post codes arrive here the better, it's like russian roulette shipping orders at the moment.

Eoin

techguy wrote: »

Great, so the customer will briefly be redirected to some http://*.realex.com to input cc info. Then once it is authorized the customer is redirected to my page?

Does that mean the only thing I need to worry about is keeping my cart secure i.e having the latest version and patches installed etc?

Exactly right - and you don't have the headache of storing customers' credit card details either.

techguy wrote: »

Do you think I should be capable at setting this up or else just leave it to the pro's ? I am experienced with PHP, MySQL etc and from what I have been reading all you need is a bit of PHP to link the cart and payment gateway..am I being too optimistic here?

Very hard for me to say, but if you have good PHP knowledge, it shouldn't be too hard.

Check the realex site for the list of carts that they support - they have modules for a good few ecommerce packages.

I've found them very helpful to deal with in the past.

techguy

I think i'd be up to the challenge.

I think i'm fairly competent and obviously I will do a lot of research before anything goes online or money changes hand.

The site in question will provide a local service that I don't think would be targeted by fraudsters.
Also, 9/10 times customer will meet with the business owner/rep after the sale so charge backs mightn't be that big an issue.

How do you mean chargebacks are the nastiest thing that can happen e-merchants?

drunkmonkey

techguy wrote: »

How do you mean chargebacks are the nastiest thing that can happen e-merchants?

let's say you sell me a wii on ebay, you send it out to me registed delivery I get the wii, but then I tell pay pal I never got it and they raise a chargeback against you, you'r at the loss of the wii and the money and there's not a thing you can do about it, paypal wash there hands of irish merchants as there are no postcodes. If your selling anything with paypal make sure to only deliver to confirmed addrees only, I learnt the hard way!

techguy

drunkmonkey wrote: »

let's say you sell me a wii on ebay, you send it out to me registed delivery I get the wii, but then I tell pay pal I never got it and they raise a chargeback against you, you'r at the loss of the wii and the money and there's not a thing you can do about it, paypal wash there hands of irish merchants as there are no postcodes. If your selling anything with paypal make sure to only deliver to confirmed addrees only, I learnt the hard way!

Oh, ok.. Well I think that would really be an issue for the service I will be working on. Goods will be delivered by a shop rep so I suppose you could get somebody to sign for the goods. Would that be safe?

Also, can the charge back issue be solved with the likes of a courier/registered post type shipping method?

drunkmonkey

techguy wrote: »

Oh, ok.. Well I think that would really be an issue for the service I will be working on. Goods will be delivered by a shop rep so I suppose you could get somebody to sign for the goods. Would that be safe?

Also, can the charge back issue be solved with the likes of a courier/registered post type shipping method?

you should be fine by the sounds of it, especially if someobody from the business is meeting the customer.

and no the chargeback can't be solved by a signature etc. It's a complete joke. It all comes back to checking credit card addreses with a post code which isn't possible so the irish merchant is 100% liable unless they use 3D secure.

techguy

drunkmonkey wrote: »

you should be fine by the sounds of it, especially if someobody from the business is meeting the customer.

and no the chargeback can't be solved by a signature etc. It's a complete joke. It all comes back to checking credit card addreses with a post code which isn't possible so the irish merchant is 100% liable unless they use 3D secure.

Well then I should check out 3D Secure, is that where the bank check the address and you can only ship to addresses that are approved by the bank?

I've come accross that where I need to call up the bank and approve an address before I make and order.

Are there extra charges for all these services like 3DSecure, Realex redirect etc.?

drunkmonkey

Not sure about realex I use sage pay, if you want to use the external forum that dosn't cost extra (it's just a matter of personal choice) and 3D secure is included with sage pay go.
http://www.sagepay.com/sagepay_go.asp

There phone support is excellent, calls are answered swiftly. Can't comment on realex but there meant to be very good to. At the time it just worked out cheaper to go with sage.

Trampas

Realex use 3D Secure.

I use a Web Service to validating the cc and pares code for realex.

tiptap

just a couple of things

- you can't store any credit card details, unless you are PCI compliant.
- if you are using the realex response or redirect method, I still recommend you get a secure certificate for your website. Customers will be logging into your website where there information resides, it's a plus for the customer to see the secure sign.
- fraud, there are third party companies that specifically look at fraud, but if you use Realex to it's full capacity, and you're only dealing with the Irish market, then that would be sufficient.
-you will definetly need a dedicated IP address
- remember, paypal and google checkout are more expensive (higher commissions)

techguy

tiptap wrote: »

just a couple of things

- you can't store any credit card details, unless you are PCI compliant.
- if you are using the realex response or redirect method, I still recommend you get a secure certificate for your website. Customers will be logging into your website where there information resides, it's a plus for the customer to see the secure sign.
- fraud, there are third party companies that specifically look at fraud, but if you use Realex to it's full capacity, and you're only dealing with the Irish market, then that would be sufficient.
-you will definetly need a dedicated IP address
- remember, paypal and google checkout are more expensive (higher commissions)

I think I will be going down this kind of route.AFAIK we will be dealing only with the irish market.Realex seems pretty good value, 350 transactions for €29 p.m.

I would like to use Realex (+ redirect) as long as they are fully compatible with Cube Cart.
I think I will be going for VPS hosting so and Cert and dedicated IP shouldn't really be a problem.


Has anybody used Cubecart with Realex? What people suggest I use with Realex?

drunkmonkey

Realex should support most carts on offer, You should have a play around with cube, virtuemart (joomla), zen and magento, I think magento looks the best of them all out of the box.
You can download it here and have a play, http://www.magentocommerce.com/product/community-edition

I still think zen is one of the best, it has loads of free modules for and a huge support base, at the end of the day it which one you feel most comfortable with, try them all:)

techguy

Hi again guys.

I've been doing some playing around with OSC, Zen and Cube Cart. I must say that I feel CubeCart is a winner for me. It's a lot easier to use in my opinion.

Just one question. Is CubeCart reaily compatible with SagePay? The SagePay site says its compatible butI can't seem to find module anywhere.

@Drunkmonkey, what cart are you using with sagepay?

sicruise

You have your own MPI for processing with Realex?

op - If you are using a shopping cart you can generally get a module for any of the payment gateways in Ireland whether it is Realex / SagePay or WorldnetTPS

Also you can get an api for most languages too. If you have any specific questions about a provider you can drop me a PM

techguy

Excuse my ignorance but whats an MPI??

I am thinking about going with SagePay now as they seem more compatible than Realex. I know you can get Realex modules but they are 3rd party.

@sicruise - Thanks for your help i'm sure i'll need your help a little further down the line.