
accepting debit/credit card payment

Hello Guys,
It would be great if you can help me with some suggestions. I have integrated a PayPal payment module for my client’s e-commerce PHP website. Now they want an option to receive payments directly, without using PayPal or any third-party provider. So that will take user card details and charge money later. Now, I haven’t done this kind of functionality before (without using any third-party provider). I can surely save the card information in the database through a form. But what happens next? How can I/they credit the money from the buyer’s bank? Do they need to have any legal permission from any authorities? Do I need to add any PHP module? Any advice would be a great help.
Thank you.

PHP

2 Comments(s)

@Mindzai, Apr 06.2009 — This is beyond the scope of just programming. To take card payments you usually need to have a business bank account set up to allow you to do it. The client should probably talk to their bank, get set up and then you can program something appropriate to the situation.
@SyCo, Apr 07.2009 — This is a really really bad idea. There is a world of difference between integrating PayPal and storing credit card numbers. The fact that you're posting on a programming forum asking how to do this says to me, you really should not code this application.

You will be blamed when it all goes wrong and 1000's of credit card numbers are stolen from the database. You could be accused of helping with the theft by intentionally allowing exploitable code. Is this client worth going to jail for?

Only the very big sites store credit cards and there's a good reason everyone doesn't do it. There is a lot of infrastructure (hardware, software, maintenance and equipment) and responsibility involved. We store sensitive information, nothing as important as credit cards but info we're legally obliged to protect, so we have a dedicated server in an in-house data center. We back up on site to tape and store in a fireproof safe that cannot physically be removed from the data center (the floor supports have been removed). The walls of the data center are 1 foot thick concrete, as is the ceiling, and three of the walls are dug into a hillside. There are 6 cameras monitoring every person that comes near the data center, an electronic keypad entry and a sophisticated alarm center that calls the police and the top techs should the alarms trigger. We maintain a certificate for SSH connections and have a strict maintenance schedule for patching and securing the server. We have spent millions of dollars.

Even with all this we do not feel we would like to store credit cards because of the liability!!!

If you're hosting your client's site and using PayPal, are you also on shared hosting or virtual dedicated? You can't let someone else (third-party host) store those numbers. Any employee of the third-party host could steal the numbers and details and quit the next day to sell them to the Russian mafia. So you have to run an in-house server and have your client build a data center and employ someone to run it 24-7.

If there was a breach and loss of numbers, your client's company would instantly become untrustworthy.

It's a huge responsibility and I hope you think through about continuing with this project. I also hope there's enough info here to take to your client as to the expectations and cost of such a setup. Think they will still want to go ahead?