First, I've researched this topic and many adjacent topics and know the risks with storing and processing credit card information. We have taken all the necessary steps to harden our servers and we're also PCI Compliant. Now, let's try to stay on topic here :)
Our system will allow our customers to add their bank account information so they can accept payments from their customers. What we're trying to do is support the most popular/common banks for our clients to use. We can't force our clients to use authorize.net and all the other payment gateways, most are old-fashioned and just have a business bank account.
I was trying to find an open source PHP library where most banks are already set up, but couldn't find anything. Has someone written something like this? Of course we will carefully analyse the coding and add our own security features.
Take a look at Stripe. It's not exactly what you are looking for but somewhat close.
This might be quite a long read, because there is a bit of relevant back story. If you just wanted to see the question summarized I have it written at the end.
Edit: I realize hiding the type of business isn't useful, it's a maid/cleaning business.
I'm working with a client where the service they provide is ordered through the website, but the client doesn't have to pay until the service is finished. Because of this the payment is handled through a third party and no payment information is even processed on the website.
The problem is now with the city. While we were in talks with them to obtain a license for the product they said that we could still collect payment the way we want, but we have to store (or have access to) a credit card for each user so we can identify or track them if they break a law (like assault one of our employees on the job or decide not to pay or whatever).
Originally we thought a fully verified phone number would be enough but they are insistent that we need to be able to link a user on the website to a credit card. Even if they choose to pay by cash we need a credit card on record just in the off chance we need to track them later.
Is there a way to do this without holding credit card information on our personal database? When a user makes an account can I ask for a credit card at that point and then just feed it to a service like Stripe and just hold it there, sort of acting like a second database? If we go through this route is there anything we need to do on our side in regard to PCI Compliance?
Our owner has had a bad experience in the past with bad developers holding credit card data on a server that was not protected and it ended badly, so he refuses to hold any card information on our side. Also the insurance we have already lined up refuses to back us any further if we hold it on site without professional security measures. Even if we did start to hold credit card information, what exactly do I have to do to make sure it's all secure and up to standard? I've never had to handle this before.
Any suggestions or help would be awesome, I'm really stuck here.
TL;DR: City wants us to be able to link a user to a credit card before service is even started, so basically upon sign-up. Owner of business and insurance company don't want to save credit card information on our database. I'm not sure how to handle this and make both happy. Do I learn some basic encryption? Can I use Stripe or something as a second database?
Edit: To clarify further, I don't want to use any of the information we save, we plan to charge customers differently. The city just wants it on record.
Yes of course there is a solution.
There are companies (Payment processing companies) that are doing exactly this, they charge a fee and offload all of the responsibility from you.
They invest a lot of money to be able to validate all of the security measures required by the law, including PCI compliance.
Those companies not only offer different payment formats (such as single payment, recurring payments, etc.) but also take care of storing some data on their side for future payments from the customer.
Stripe, 2Checkout and Authorize.Net are only a few of many options to look into.
Don't you ever think about storing any sensitive information (credit card information is only one example) on your own servers, unless you can comply with all security measures required by the law - which is a tiresome and expensive thing to do.
Good luck!
I want to integrate "visa" to my website (developed in PHP), so other people can make a deposit to my website.
I don't know how to do it, are there any examples or documentation for this?
Create an account on PayPal, and let them do the work. These days very few people will trust their credit card number to "just anyone". Not only will this get your "trust", but all the overhead of managing these things will be taken care of for you, with minimal overhead for you. They will give you code to embed on your page "Donate Now" - they handle the rest.
Did I mention trust?
It depends on your bank.
You should contact them and they will provide you their API.
- If you use a CMS for your site, there are ready extensions, on Joomla for example.
- You also have the choice to integrate the PayPal API on your website.
If you're in the US you could also use Stripe. The API is very easy to use.
Just updating, VISA has a resource for developers and special offers to independent developers. Just go to their hotsite
I'm a bit of a newb and have never integrated PayPal into a website before so I apologise for my lack of knowledge.
I'm trying to build a website which allows users to sign up and, assuming they get themselves PayPal Premier accounts (so they can receive payments by credit card) they will be able to receive payments from other users of my site.
So someone will sign up using their PayPal email address, and other users will then be able to send them money through my site. If they use one of my special services then I also want to be able to take a 1% fee of the money sent.
I'm using CakePHP and I've searched and found a few CakePHP related PayPal components but to me it seems that these are aimed at people who want to just use their own PayPal account to receive money. Like having a PayPal checkout button. Whereas I want to be able to direct money into many different PayPal accounts. Is this possible? And if so can any kind soul direct me to where I should be reading (pref something not too difficult - I'm a learner!).
Also as a side note, are there any special security issues I need to take care of when dealing with PayPal, especially considering the particular nature of what I want to achieve? How easy would it be for a bad person to alter someone's PayPal email to direct funds to themselves?
Many thanks in advance
Dave
A few years ago I did a similar thing, although the specific code is languishing on an old computer somewhere... Anyway, the way I did it was to use a combination of IPN and PayPal Mass Payments. Any payments have to run through your own PP account first and foremost, at which point on a successful payment IPN calls a script to run Mass Payments and send the money to the intended target(s).
It's a bit fiddly, and I seem to remember (at least when I did it) there were some odd bugs in IPN, but this should do it for you.
Hope this helps a bit!
I need to build web application where users can sell goods.
Each user should be able to get money directly on his PayPal account.
Can you suggest which PayPal service/payment method (or other payment system) is better/safer to use in this case?
Thanks in advance
This is easily set up (if I read your requirements correctly). You would have to create your part of the system, but that's obvious.
The rest, specifically vendor payments, could be handled all by PayPal.
PayPal could process the orders into individual accounts. You would simply have to use the same IPN notification file for each Buy Link. This IPN notification file is what PayPal uses to notify an order has come. It does not matter that it may have come TO Suzie's or TO Bob's account.
So, your notification script gets the order -- Then, your internal system differentiates the vendor and ... that's it ;).
IPN is very simple too, and they've got nice templates in various languages to get you started.
I'm sure there are alternate ways to do it, but IPN is what I personally use, combined with a back-end system. I even have another vendor whose plug-in for my product I sell. Money goes directly into his PayPal account by simply changing the recipient email in the Buy URL (or form).
Any competent programmer should be able to handle this with ease. The proficiencies would be SQL/database experience and web coding (any language). That's about it. A non-programmer could probably even learn, though needs to be careful to sanitize the input to protect against SQL injection attacks.
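The checks an IPN notification script needs before it credits a vendor, as an added example that is not part of the original answers: the recipient in the Buy URL or form can be changed on the client, so the script compares what PayPal reports with the order stored server-side (the same checks apply before triggering a Mass Payments payout). It assumes the message was already confirmed through PayPal's IPN verification postback; `$order`, `$seenTxnIds` and the sample values are constructed stand-ins for database lookups, while `payment_status`, `receiver_email`, `mc_gross`, `mc_currency` and `txn_id` are standard IPN variables.

```php
<?php
declare(strict_types=1);

/**
 * Compare an already-verified IPN message with the order created server-side.
 * Returns a list of problems; an empty list means the order may be marked paid.
 * $order and $seenTxnIds are hypothetical stand-ins for database lookups.
 */
function checkIpnAgainstOrder(array $ipn, array $order, array $seenTxnIds): array
{
    $problems = [];

    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $problems[] = 'payment not completed';
    }
    // The recipient in the Buy URL/form is client-controlled, so compare the
    // account PayPal actually paid with the vendor stored on our side.
    $paidTo = strtolower(trim($ipn['receiver_email'] ?? ''));
    if ($paidTo !== strtolower($order['vendor_email'])) {
        $problems[] = 'receiver does not match vendor';
    }
    // Compare money as integer cents to avoid float rounding surprises.
    $paidCents = (int) round(((float) ($ipn['mc_gross'] ?? '0')) * 100);
    if ($paidCents !== $order['amount_cents']) {
        $problems[] = 'amount mismatch';
    }
    if (($ipn['mc_currency'] ?? '') !== $order['currency']) {
        $problems[] = 'currency mismatch';
    }
    // IPN messages can be delivered more than once; never credit twice.
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        $problems[] = 'duplicate transaction';
    }
    return $problems;
}

// Constructed sample data (not real PayPal traffic).
$order = ['id' => 'ORD-1001', 'vendor_email' => 'suzie@example.com',
          'amount_cents' => 2500, 'currency' => 'USD'];
$genuine = ['payment_status' => 'Completed', 'receiver_email' => 'Suzie@example.com',
            'mc_gross' => '25.00', 'mc_currency' => 'USD', 'txn_id' => 'TXN-A'];
// Same order, but the form fields were changed before submission.
$altered = ['receiver_email' => 'other@example.net', 'mc_gross' => '0.01'] + $genuine;

var_dump(checkIpnAgainstOrder($genuine, $order, []));        // matching order
var_dump(checkIpnAgainstOrder($altered, $order, []));        // changed recipient and price
var_dump(checkIpnAgainstOrder($genuine, $order, ['TXN-A'])); // repeated delivery
```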
You can use ExpressCheckout, this means that your sellers do not need to have Pro accounts, but login and payment will occur in PayPal's popup window. You can also use more advanced integration, but this might require the merchants to upgrade their account, and this might cost them money every month.
You also need to collect API keys from merchants and store them in a very safe location, or collect the money yourself, and pay for the merchants using PayPal's API code, but this will introduce additional (transfer) costs.
You will most likely have to write it from scratch. I mean, from some bare framework.
Ambiguous question, I know. But anyway, I'm developing a client's site that will enable users to donate to people doing charity work abroad. I need the users of the site who create their profiles to be able to input their PayPal email address (for example) and as such any users who click the big 'Donate' button on their profile can donate directly to them.
I'm sure this is possible, at least using the PayPal API. However since this is all for charity work, I'd like to implement 'Gift Aid' - read about it at the link.
My problem is finding a payment system that we can use that has Gift Aid either 'built in' or that can make a clear definition between which payments are gift-aided and which are not - sorry if this isn't making any sense!
So ideally I'm looking for a payments processor that can integrate as seamlessly as possible into the client's site which I'm developing in PHP, can support Gift Aid automatically - or if not, clearly specify which payments ticked the 'Gift Aid' option - and supports payments from credit and debit card sources, etc. I hope this is understandable now!
I know there's obviously the PayPal API but I'm sure there are others, I'm just not too sure where to start looking or if the whole Gift-Aid thingy is even possible with transactions like this. Would it be more convenient just to code our own system?
Jack
I would use PayPal, definitely. Making the effort to learn their API is not hard. Coding your own solution would be a nightmare. Don't reinvent the wheel!
Have you tried looking at what CTT have to offer: http://www.ctt.org/products__services/cp_terminal/default.asp they have their own payment Gateway called CPterminal/CPWeb which is designed for charities.