Payment Processing - Credit Cards - Any Libraries available?
#11

I also would advise you to look into omnipay. Great library.
#12

(03-29-2017, 03:20 PM)skunkbad Wrote:
(03-29-2017, 03:00 PM)PaulD Wrote: ... on your own site. Hosted solutions don't need PCI compliance.

Explain please.

On my end, being a retail business owner, we've changed credit card processors a few times over the years. Some, if they know you want to do credit card processing, demand they do their PCI compliance scan, and we always fail. This is just on a glorified shared hosting account. Now we're using Stripe, and yes they are a bit expensive percentage-wise, but we don't have to worry about PCI compliance scans, and it works really well. We've had zero issues.

What I meant was that suppose your website takes website payments, but the payment pages are hosted on the payment processor's servers, then you do not need PCI compliance as you are not actually collecting any cc data, but the payment processor is.

For instance, worldpay (like most), offer two solutions, hosted payments and api access. With hosted payments when the customer clicks 'confirm and pay' they are taken to a worldpay page to give their card details. The results of the payment are sent back to your own site so you can update the order. The api way is when you collect the information on your own page, and when the customer clicks 'pay now' you, in the background, send the info to them, and they tell you if you got the money or not, the customer never leaves your site.

The second way requires PCI compliance, the first does not. With the hosted solution, you never see the cc number in full, so you are not responsible at all for handling the cc numbers securely.

About PayPal:
Personally I have used paypal in the past and have never had anything but a good experience with them. Their only issue is they are expensive, although they are becoming more competitive. Am about to implement a paypal payment option for a customer as in the UK many people like the extra buyer protection they get when using PayPal. Also, you can pay without your cc if your account is set up appropriately, which I know I like using myself.

About Omnipay:
I really must try it out sometime soon, been meaning to for ages now.
#13

(03-30-2017, 10:18 AM)PaulD Wrote: What I meant was ...

Ah, OK. I've never considered that type of payment processing. Seems cheesy to me. I guess it probably doesn't matter to the customer, because if they really want the item they'll buy it. I just don't like it for my website.
#14

(03-30-2017, 01:48 PM)skunkbad Wrote:
(03-30-2017, 10:18 AM)PaulD Wrote: What I meant was ...

Ah, OK. I've never considered that type of payment processing. Seems cheesy to me. I guess it probably doesn't matter to the customer, because if they really want the item they'll buy it. I just don't like it for my website.

It is a weaker solution in that the customer has to leave your site to pay. It is not as nice or pretty. However as far as I understand it many customers actually like it. It means that instead of giving my cc details to best-top-hats.com or some other site I have never used before, I am giving my cc details to worldpay, or sagepay, or stripe, or paypal or some other payment processor I am more likely to have heard of before and trust. In which case I have added protection and an independent source to get a refund should I need one.

In fact, I believe the best solution is to offer the choice. Something like "Pay on our site, pay with PayPal, or pay with Worldpay".

If you have only one payment option, the chances are that you are losing sales.

Paul.

PS To the OP, sorry if this has gone a bit off topic.
#15

I have developed for both authorize.net and paypal with Codeigniter. Both were fairly easy to integrate. If I recall correctly authorize.net has a nice SDK and PHP examples that adapted to CI nicely. That site did require PCI compliance and it was a pain.

The Paypal experience revolves around the use of "Buy it Now" buttons. Which was not hard to integrate. No PCI work needed as the system redirects to PayPal where all the card and other sensitive info is handled. Reasonably easy to use their payment notification to keep the website backend "informed".

Paypal offers several other APIs beyond the buttons. Have spent little time exploring those so - no comment.

You need SSL for Paypal these days.

There have not been any problems with Paypal account-freezing shenanigans that I have read much about. That (knock on wood) seems to be a resolved issue AFAIK. Authorize on the other hand was a royal pain. Money moved about easily but they had a tendency to change the terms of use without warning and the same with rates, fees and "other" charges. It got very expensive for one very small retailer. Paypal has worked much better for them.
#16

(03-30-2017, 03:17 PM)dave friend Wrote: I have developed for both authorize.net and paypal with Codeigniter. Both were fairly easy to integrate. If I recall correctly authorize.net has a nice SDK and PHP examples that adapted to CI nicely. That site did require PCI compliance and it was a pain.

Regarding PCI compliance -
If I build a site with CodeIgniter and use authorize.net, and then the site will be hosted with a hosting company.

In that case, do I only need to make sure the hosting company's web server is PCI compliant?
#17

(03-30-2017, 11:22 PM)tom756 Wrote: Regarding PCI compliance -
If I build a site with CodeIgniter and use authorize.net, and then the site will be hosted with a hosting company.

In that case, do I only need to make sure the hosting company's web server is PCI compliant?

I'm sorry Tom but I honestly do not recall all the requirements/steps to be PCI compliant. I do remember it was a can of worms. As my brush with PCI was 6+ years ago I imagine that the process has changed anyway.
#18

(03-30-2017, 11:22 PM)tom756 Wrote:
(03-30-2017, 03:17 PM)dave friend Wrote: I have developed for both authorize.net and paypal with Codeigniter. Both were fairly easy to integrate. If I recall correctly authorize.net has a nice SDK and PHP examples that adapted to CI nicely. That site did require PCI compliance and it was a pain.

Regarding PCI compliance -
If I build a site with CodeIgniter and use authorize.net, and then the site will be hosted with a hosting company.

In that case, do I only need to make sure the hosting company's web server is PCI compliant?

If you shop around some hosts will claim they are PCI compliant, but in general if you are sharing a server with other websites (shared hosting), you're probably not going to be able to pass the PCI compliance scan. It's all a scam really, because if you don't pass then they just charge you a $30/mo non-compliance fee. Just another way they bleed you dry.
#19

authorize.net has been around for a very long time and works very well. typically a merchant is partnering with another provider which can also affect the final rates and charges. but in any case it will be working with a "merchant account".

paypal does not require a merchant account so it's simpler to set up. and there are millions of people who have a paypal account and can pay just by logging in. one issue is that by default paypal will ask the person to register with them if they are not a member, so the checkout is not as smooth compared to just asking for a credit card.

stripe pioneered taking the credit card number over javascript direct to their server. therefore the merchant is never in contact with the credit card, therefore it's a much better situation for being pci compliant. and stripe is very very developer friendly so very fast to set up.

whatever service you use - the merchant will be exposed to chargebacks. whatever service you use will have different practices, but the bottom line is that the purchase price can be taken away at any time, and it can take days - weeks to resolve, and the merchant has to budget and prepare for it.