So I need to recommend an eCommerce platform to my client. The requirement is that they need to ship items all over Europe and North America. So it needs to be multi-currency, multi-language. Also there is a subscription model, so the credit card needs to be stored and periodically charged. Further they need it to integrate with QuickBooks which is they accounting software. Also the software will have web, iOS and Android versions.
So for the storing credit card part, I do not want to store it within our infrastructure because of PCI DSS issues. Instead I would prefer having something like paypal vault. However I cannot use paypal because their mobile SDK does not support recurring payments/subscription model.
With paypal ruled out, I have been looking at X-Cart for the shopping interface and couple of other payment companies (akin to authorize.net) for the payment integration. However I am getting confused with X-Cart. It talks a lot about PCI compliance and stuff, so I am wondering whether it is a full package not just shopping cart? I read tons of documentation but I still cannot wrap my head around it.
My Questions:
If I use X-Cart do I need any additional payment integration system like Paypal?
Since X-Cart is a downloadable software, what PSI implications does hosting it in our own server have?
How will I handle iOS and Android versions, does X-Cart do anything for those platforms?
I was surprised to see X-Cart was a SO tag. So I decided to reach out to anyone with prior X-Cart experience to help me get some directions.
Thank you!
All the latest versions of X-Cart do not touch credit card information at any point. So it is out of PCI-DSS scope and can be hosted on any server you like as long as it meets the system requirements.
And to process credit cards you can use any of the integrated payment gateways.
X-Cart does not charge any transaction fees so the only fees you will be paying will be to the gateway itself.
And if the gateway you would like to use is not integrated yet, you can add it yourself since the platform is fully open code.
As for subscriptions, X-Cart offers a stand-alone PA-DSS certified X-Payments software that utilizes tokenization technology supported by certain payment methods(including PayPal Pro) to "save" credit card information for further use in a PCI-compliant manner. The actual credit card number is saved by the payment gateway itself. And X-Payments uses the token to perform additional charges. The token cannot be used with any other gateway or X-Payments installation so even if it gets stolen there won't be any harm. You can read more about it in this blog post.
And dedicated iOS/Android applications can be added with Shopgate service that is integrated with X-Cart.
Related
The Magento 1.9.4.2 has deprecated the Credit Card payment method, so I've decided to get the config.xml and system.xml from older version which is 1.8. It works btw.
My question is, once the customer input their credit card info, I want the bank(gateway for development) to verify it(I'm using a devsecure gateway service URL). My teacher told me to use cURL to do it but I am worried about how I'm going to do it. I'm new to Magento as well as PHP that's why I have no idea what to open to the directory. I am completely lost.
I don't know where to implement the cURL, in system.xml??cause it's where the Credit card functionalities are located at
Magento has deprecated the Card Method in v1 for a reason. It was usually set to storing the card details which is not a secure way nowadays, as now everything is tokenised.
Every card provider has an API (not sure what devsecure is and how it is working, some docs would be useful).
What you should do, is create a custom module for the payment gateway (full fledged module) that actually handles the authorisation/charging aspect.
There are plenty of open source examples that would allow you to replicate some functionalty.
As it stands now the question doesn't provide enough details to help. Generally you need a custom module with a Payment Model for devsecure. the charging aspect would be handled using simple cURL requests within the module, or you could load a library like Guzzle to handle the HTTP requests.
I am currently using CCavenue as my payment gateway, and we collect payments via email, where the Pay button is pre-configured with the URL, which redirects to the payment gateway. I am keen on using Google pay. Below are my few queries -
a) Can a payment gateway be completely replaced by Google pay?
b) Can I embed google pay into the mail and receive the payment or it needs to be in-app only?
I am using Laravel as Backend.
Google Pay does not process payments, and as such, works in combination with existing payment processors / gateways. Here is a list of supported processors as of today (CCAvenue does not seem to be in that list yet).
You can only use Google Pay wherever you can run JavaScript on the web (or on Android using Java or Kotlin), thus most email clients and services will not support such an integration.
Hope it helps.
I want to integrate Braintree into my project. But I have following issues:-
I want recurring payment in sdks, which is not possible as per Braintree documentations. For this my company wants me to develop a custom screen which will take card details and that I need to send on server and my server will make payment also create recurring profile in Braintree as Braintree provides recurring in web.
So, If I do so, what it will be a risk of app to get rejected in apple review because of custom payment screen ?
According to Braintree's developer documentation:
If the Drop-in UI doesn't fit your needs, develop your own custom
integration using our client SDKs to accept credit cards,
PayPal, and other available payment method types. This allows you
full control over the checkout process. Using our native mobile SDKs,
you can typically qualify for the SAQ A PCI compliance form with a
custom integration
I'm developing a site which needs to utilize SagePay's token system within Magento.
The module I'm using to do this is Ebizmarts SagePay Suite http://www.magentocommerce.com/magento-connect/ebizmarts-sage-pay-suite-ce-sage-pay-approved.html
Problem I'm having is it doesn't seem to be storing any token data in the sagepaysuite_tokencard database table. Even though I've selected the Token Integration - Server method. However, on checkout the option is there to save details for next time.
Could this be that my client's SagePay account does not have the ability to make tokenized payments? Or is there something I've missed?
Cards are saved once the transaction completes.
I'd recommend you check whether the vendor has Token on both their Test and Live Sage Pay account. If they have do not have Token, ask them to call Sage Pay on 0845 111 4466.
If you are using Ebizmarts Community Edition (FREE) version of their module, the latest release can be downloaded here.
If you are using the PRO version (chargeable extension) please email Ebizmarts via info#ebizmarts.com as they have excellent support.
hello i have to integrate flagship merchant services on my project.But i don't have any idea about this.if any person any idea about this or have any api regarding this please let me know .I have also integrate reoccurring payment service in this.So if any body has worked on this payment express please provide me the api or the flow so i can integrate this as soon as possible
My project is in php so need api in php
I believe you're referring to this Flagship Merchant Services. According to their FAQ, you need an Internet merchant account with them before they'll provide you with the First Data Global Gateway API to interface with their payment gateway.
I worked on similiar integration code with a local credit card processing provider and they only provide the interface API only when the client has signed up an account with the provider. Presumably, it's for security purposes (at least security through obscurity)