More information about the Underscore mailing list

[_] ASP serverside payment gateway

Daniel Hilton daniel.hilton at gmail.com
Tue May 29 17:00:37 BST 2007 

On 29/05/07, Joel Hughes <jh at jojet.com> wrote:
> Hi [_],
> a Windooooze based client wants his website to use a credit card
> processing facility which does  not involve going off to a third party
> website (atleast, from the perspective of the web visitor).
>
> Box is dedicated etc so installation of components etc aint an issue.
>
> Any recommendations of UK payment providers with good serverside
> offerings?? Ecommerce transaction levels are low & purcase prices can be
> a couple of hundred pounds (or more).
>
> Joel
>

Depends on what type of API you want. Most will do a SOAP of sorts
interface and some may do a VPN or even a plain http custom one. The
most complicated I've seen is a Secured Trading option where by you
run a java app that you communicate locally to then that talks to
their system.

Have a look at www.metacharge.com and www.secpay.com for two of the
players in the market who offer good smaller size transaction
accounts. You can pay a flat fee for example and get say a  100
transactions free. It really depends on your expected volumes and also
do need any further services like fraud prevention via verification of
the customer or expanded card fraud prevention.

As for PCI compliance all sites that take VISA card payments should be
3D-secure[1] asap, however many are not. The standard is an agreed one
between Mastercard and VISA for moving liability.

If you want to keep card data (seriously don't, look at TK Maxx...)
you need to be PCI compliant, which includes lots of audits,
penetration testing and all sorts of other goodies that cost lots and
lots. Most payment processors will allow you to do repeat payments via
the use of a secured token which you can store rather than the card
details(including the CV2, the little three digits on the back) to
process repeat payments say on a monthly basis.

disclaimer: I work for some of the companies mentioned, and it isn't TK Maxx.


[1]http://partnernetwork.visa.com/pf/3dsec/main.jsp



> --
> underscore_ list info/archive -> http://www.under-score.org.uk
>


-- 
Dan Hilton
============================
DanHilton.co.uk
============================