Secure Cert

mise18

A chairde,

Is there anyone who knows of a solution to allow for the taking of credit card details without online credit card verification, allowing the details to be sent securely via an encypted email to an administrator who can then take the details and use them.

This solution is aimed at a relatively low volume 'subscription' service and therefore does not need costly online credit card verification. If there is an alternative "Irish" solution, perhaps you could suggest it.

Mise le meas,

M

rymus

I have a complete script around here somewhere that does more or less what ure after. I think it logs the transaction to a database and emails the shop owner with a message that a transaction has been logged.

The owner can then log into an admin area and pick up/print the credit card details, etc... If I find it I'll throw it onto my ftp and post the link... I think it was an ASP script tho

dahamsta

I don't know of any "solutions" - as soon as they get called "solutions", they get damn expensive - but something like this is easy-peasy to code up in Perl or PHP, to interface with PGP. That's if you have what's required on your server of course. The level of code required depends on your requirements. You could have the transaction logged to a database, or have a username and password set up automatically, etc. You could even skip out emailing the full transaction and store that (encrypted) in the database, and access it only over SSL connections for maximum security. Loadsa options really.

adam

nahdoic

just curious ... how do you plan to process the credit card details off-line? I would like to find a cheaper way to process credit cards over the net too. It's ridiculously expensive, with charges upon charges upon more charges. They charge for opening the merchant account, a monthly fee for having the account open, they charge for converting currency back to your local currency, and of course they charge about 4.5% fee for each transaction as well as having a minimum transaction charge, oh and don't forget about charging for refunds as well. And that's with www.worldpay.com ... supposedly one of the best there is.

Do you already have a credit card machine? Or is it easy to get a credit card machine off a bank nowadays? I wouldn't have thought so ...

What is the cheapest/best way to process credit cards over the net?

But to answer your question. The answer is most definitely yes. You can even get scripts that will run a special mathematical formula on the credit card number, to determine whether it is valid or not. Although I don't know of any ready-made solutions myself but as adam said it would be very, very easy to code up a little script to do it.

dahamsta

just curious ... how do you plan to process the credit card details off-line?

You can get a merchant account from your bank and either:

a) get a terminal, like you see in the shops, which connects to the bank via ISDN; or

b) process the transacations manually, by filling in those wee slips that go into the slidey thing (you know what I mean).

If you're taking orders without the cardholder present, you need to sign an addendum to your merchant agreement. If you're taking orders on the net, you'll need to sign an additional addendum.

At least, that was the process when I signed up. The process used to be really messy, with the banks lax to sign merchant agreements with small entities, and lax to allow you trade online. It's getting easier these days. I imagine at this stage it shouldn't be /too/ difficult.

And that's with www.worldpay.com ... supposedly one of the best there is.

I wouldn't say "best". Convenient and relatively simple to organise, yes, but not the best. Unfortunately though, the really good systems, which allow you to integrate with the merchant server live - and avoid visible connections with third-party servers - are expensive.

You can even get scripts that will run a special mathematical formula on the credit card number, to determine whether it is valid or not.

LUHN, aka mod10. See here. That's all it does though, is validate the credit card number, it doesn't validate the actual card, or more importantly the credit available.

It should also be pointed out that if you go for option b) above, you'll need to contact a clearingnumber every time you have a transaction that goes over a certain (low) amount. It can be a pain.

adam

nahdoic

Originally posted by dahamsta
Unfortunately though, the really good systems, which allow you to integrate with the merchant server live - and avoid visible connections with third-party servers - are expensive.

worldpay lets you do that ... you never have to leave the site. A lot of people may not do this because it is a little more tricky, may choose to be redirected to the world pay site to finish their order. But they definitely do offer this.

dahamsta

worldpay lets you do that ... you never have to leave the site. A lot of people may not do this because it is a little more tricky, may choose to be redirected to the world pay site to finish their order. But they definitely do offer this.

You sure nahdoic? I've done integration for clients and I'm a WorldDirect customer myself, and I've never seen full integration offered - I've always had to pass off to their transaction server. I've never actually used it myself because of that restriction - if it can be done on the server side, I'd set it up tomorrow.

adam

nahdoic

yeah i was strongly thinking about using world pay before, and I had one of their sales reps rang me up. And I asked them, and they said "yeah". You can send the info to their gateway server without ever leaving your site, and the gateway server sends back a response either accepting or rejecting the card. Just email whoever dealt with your order in worlddirect and ask them about it. Unfortunately the costs of everything involved were just too great, so I never ended up using worldpay. So I can't say for 100% absolutely yes yes I've done it before, but I am almost certain you can.

If they say they don't, then tell them to look at their own website

http://www.worldpay.com/uk/faqs/technical_security.shtml

How do I integrate my web site to WorldPay?

If you are not using a pre-integrated solution, such as Click and Build, you will receive technical documentation and access to our technical support team in order to assist you with this process.

How do we feed the information from our shopping system to the payment page, and vice versa?

A variety of methods could be used, each of which is laid out in our integration guides. Note that if you are using a pre-integrated system, such as Click and Build, this issue does not arise.

dahamsta

A variety of methods could be used, each of which is laid out in our integration guides. Note that if you are using a pre-integrated system, such as Click and Build, this issue does not arise.

Well, Click and Build does negate the link, but that's because you're already on their transaction server. I must look into it, but I think that if you're right, it's a relatively recent introduction. Course, I could do it all with cURL, but that'd be a pain in the arse.

Anyway, thanks for the reply nahdoic, most interesting.

adam