Online credit card payments

Joolzb

Original Poster:

3,549 posts

275 months

Thursday 8th April 2004
Has anyone set up a web site that can accept credit/debit card payments? I've been asked about it and it's not something I've done before. I guess I'll need a host that will allow server-side scripting? Also how much do companies charge for the service? And any recommendations?

docevi1

10,430 posts

274 months

Thursday 8th April 2004
www.oscommerce.com is a good start.

You need SSL and in my limited knowledge, this costs around £150 for a year's certificate, but I would rely on someone more knowledgeable than me for specific answers.

Joolzb

Original Poster:

3,549 posts

275 months

Thursday 8th April 2004
docevi1 said:
www.oscommerce.com is a good start.

You need SSL and in my limited knowledge, this costs around £150 for a year's certificate, but I would rely on someone more knowledgeable than me for specific answers.

Thanks for the link, I'll take a look. I was hoping a redirect to a secure page would allow someone else to do the SSL stuff for me.

FunkyGibbon

3,853 posts

290 months

Thursday 8th April 2004
Worldpay are OK. We've been using them for 3 years now.

>> Edited by FunkyGibbon on Thursday 8th April 19:17

docevi1

10,430 posts

274 months

Thursday 8th April 2004
Barclays do something like that as well then, I've used them in the past. One presumes every bank will offer that sort of service (but maybe only to their business accounts).

JamieBeeston

9,294 posts

291 months

Thursday 8th April 2004
My New (Soon to be Launched) http://Register1.net VDS packages now include OsCommerce, it is indeed a great, simple solution for those that need a Great Storefront, without the Costs associated with Actinic.

A few members on here have taken a VDS from me recently, and I hope they are enjoying the level of service


For Card processing, worldpay seems to be the 'standardised' non 'direct merchant' choice, we use it for Register1 at present, and it seems to do the trick, tho some HAVE experienced issues in the past.

Feel free to mail me via profile for more info.

JamieBeeston

9,294 posts

291 months

Thursday 8th April 2004
Joolzb said:

docevi1 said:
www.oscommerce.com is a good start.

You need SSL and in my limited knowledge, this costs around £150 for a year's certificate, but I would rely on someone more knowledgeable than me for specific answers.

Thanks for the link, I'll take a look. I was hoping a redirect to a secure page would allow someone else to do the SSL stuff for me.


SSL is available for less, I know we sell them from £99 with 15 minute issue times, and I am sure you could find some automated (read no support) options elsewhere for cheaper.

The only thing about SSL is you WILL need your own IP, so make sure to take this into consideration when choosing your hosting.

Using someone else's SSL is an option, but to me, always seems so amateur, especially when you can have your own for so little.

docevi1

10,430 posts

274 months

Thursday 8th April 2004
JamieBeeston said:
A few members on here have taken a VDS from me recently, and I hope they are enjoying the level of service


that'd be me then

I'm very happy with register1 and Jamie's help. He put up with numpty questions from me to help me get started. Which was nice.

arcturus

1,497 posts

289 months

Friday 9th April 2004
I've used Actinic coupled with Barclays EPDQ. The interface between the two (and all the SSL) is handled by www.securehosting.co.uk.

As hinted above, Actinic is not cheap but it made my life really easy.

Joolzb

Original Poster:

3,549 posts

275 months

Friday 9th April 2004
Thanks everyone for the views. I'm trying to get an idea of cost, the site is not for me BTW so I'm not being tight.

What I reckon I'm gonna need is

1) A web site that has scripting capabilities
2) Poss an SSL cert (if I'm gonna capture card details myself). If not, someone like Worldpay who will handle that side for me.
3) Some kinda bank account to store the cash (ePDQ seems to provide this but I'm not sure how WorldPay works).

I have this image in my head on how it will work which is why I need you guys to help give me other options.

cheers
Joolzb

docevi1

10,430 posts

274 months

Friday 9th April 2004
Are they wanting to outsource programming of the website or write it themselves?

>> Edited by docevi1 on Friday 9th April 13:47

Joolzb

Original Poster:

3,549 posts

275 months

Friday 9th April 2004
docevi1 said:
Are they wanting to outsource programming of the website or write it themselves?

>> Edited by docevi1 on Friday 9th April 13:47

No idea so far. I reckon they'll want me to do it but I'm not sure if I want to at the moment, maybe for some optimax tokens I may be tempted. I've no idea what somebody would charge to write it but I wouldn't expect it to be cheap.

I'm guessing that another approach is to set the site up to capture credit card details, store them in a db and then process the payments via normal Cardholder Not Present methods with a merchant account.

john_p

7,073 posts

276 months

Friday 9th April 2004
If they have a merchant account then I can recommend securetrading (www.securetrading.net). We have been with them for 3+ years and never a problem.

tinman0

18,231 posts

266 months

Saturday 10th April 2004
We've used Worldpay for several years now as well.

I personally wouldn't recommend using SSL and processing the information yourself. I'd get Worldpay to either give you a merchant account, or allow them to use your existing facilities.

The reason for this is actually quite simple.

Although you can secure the connection between web client and web server, what happens with the information after that?

If you send the data to yourself via email you break the secure chain, if you store the database in an sql server on the webserver that took the original request - then you are now at the mercy of that software package, and you are effectively breaking that secure chain.

I could break most sql dbs in a few minutes. They are not difficult.

So we always recommend that clients use Worldpay or another processor who have a secure system front to back.

Regards,
Tin
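
The hosted-payment pattern recommended in the post above, as an added example that is not part of the original thread: the merchant site redirects the shopper with only an order reference and amount, then verifies the processor's signed callback, so card details never reach the merchant's web server or database. The processor URL, field names, HMAC scheme and shared secret are hypothetical, not Worldpay's actual interface.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Hypothetical values: a real processor issues its own endpoint and secret.
PROCESSOR_URL = "https://payments.example/hosted-page"
SHARED_SECRET = b"constructed-demo-secret"


def sign(fields):
    """HMAC-SHA256 over the sorted, URL-encoded fields (assumed scheme)."""
    message = urlencode(sorted(fields.items())).encode()
    return hmac.new(SHARED_SECRET, message, hashlib.sha256).hexdigest()


def build_redirect(order_id, amount_pence, currency="GBP"):
    """URL the shopper is sent to; it carries no card data at all."""
    fields = {"order_id": order_id, "amount": str(amount_pence),
              "currency": currency}
    return PROCESSOR_URL + "?" + urlencode({**fields, "sig": sign(fields)})


def verify_callback(query, expected_amount_pence, max_age=300, now=None):
    """Accept the processor's result only if it is authentic, fresh and
    matches the amount the merchant recorded for the order."""
    fields = dict(parse_qsl(query, keep_blank_values=True))
    supplied = fields.pop("sig", "")
    # Constant-time comparison; a mismatch means forged or altered fields.
    if not hmac.compare_digest(supplied.encode(), sign(fields).encode()):
        return False
    ts = fields.get("ts", "")
    now = time.time() if now is None else now
    if not ts.isdigit() or abs(now - int(ts)) > max_age:
        return False  # replayed or stale notification
    return (fields.get("status") == "paid"
            and fields.get("amount") == str(expected_amount_pence))


if __name__ == "__main__":
    print(build_redirect("A1001", 2599))
    # Constructed callback, signed the way the hypothetical processor would.
    cb = {"order_id": "A1001", "amount": "2599", "status": "paid",
          "ts": str(int(time.time()))}
    query = urlencode({**cb, "sig": sign(cb)})
    print(verify_callback(query, 2599))
    print(verify_callback(query.replace("amount=2599", "amount=1"), 2599))
```
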

Joolzb

Original Poster:

3,549 posts

275 months

Tuesday 13th April 2004
tinman0 said:
We've used Worldpay for several years now as well.

I personally wouldn't recommend using SSL and processing the information yourself. I'd get Worldpay to either give you a merchant account, or allow them to use your existing facilities.

The reason for this is actually quite simple.

Although you can secure the connection between web client and web server, what happens with the information after that?

If you send the data to yourself via email you break the secure chain, if you store the database in an sql server on the webserver that took the original request - then you are now at the mercy of that software package, and you are effectively breaking that secure chain.

I could break most sql dbs in a few minutes. They are not difficult.

So we always recommend that clients use Worldpay or another processor who have a secure system front to back.

Regards,
Tin

Yep that's the way I was thinking. I guess once you've captured the info using SSL, it would be possible to authorise the payments via normal cardholder not present but that would be somewhat clumsy and involve a lot of manual work as well as quite a bit more validation on submission. The Worldpay option seems like a quick and easy solution albeit a bit more expensive.

JamieBeeston

9,294 posts

291 months

Tuesday 13th April 2004
I would still advocate using SSL thru your side of the ordering, even if you are using Worldpay.

I certainly do. You lose nothing by encrypting the data, you reassure the client that you're thinking of their security, and the client may still be passing data back and forth prior to the payment side, which they may not want 'others' to get hold of.