Nathan Taylor wrote:

> My question is pretty obvious, I was wondering what the process for
> validating credit cards with both preprocessing by the form to
> determine the pattern validity and post processing by a bank to
> confirm the actual card validity.

Well since you asked about the /process/ ... and everyone else replied with "hey, here is some code that does it for you..." I'll be different and explain the process.

The process starts off with the consumer hitting submit on a secure form with a credit card number.

It would be best if you did some common validating yourself (for example, all Visa numbers start with 4, etc.), and such things as the expiry date isn't before the due date (don't think that hasn't happened before).

Once you have taken care of these cursory requirements, you then send the credit card information off to your payment gateway. This would be someone like Paypal, Authorize.net, Paysystems, Worldpay, etc. The API for each gateway is different, but generally it consists of you submitting a POST request to a https:// address. In this POST request, you include the credit card number, the billing address, amount of purchase, the details of your account with the payment processor, and depending on transaction, a few different "types" of transaction codes (authorize, charge, credit, recurring, etc.).

The payment gateway then takes the transaction details and verifies the authenticity of the information. It will then return the status of the transaction to you. Generally this is done via some callback URL that you specify in your account with the payment gateway. Some gateways (like Paypal) ... will take the consumer to their webpage and display the status of the transaction.

Authorize.net for example has a whole host of return codes that it can return. Everything from "address doesn't match" ... to "stolen card", etc. Your application will have to read these codes and deal with them appropriately.

Assuming the transaction was authorized, the funds are transferred from the card issuer's account to either your account with the gateway (as is the case with Paypal), or directly to your account ... minus the transaction fees. Some gateways allow you to subscribe to a flat rate per period, in which you can have unlimited transactions, others charge a percentage of each transaction.

That's a ridiculously simplified version of the transaction process :)

You can download the APIs for the gateways and see what kind of requests and responses your application can expect. Authorize.net's is quite comprehensive (I have it printed out -- gotta love Kinkos).

--
Burhan Khalid
phplist[at]meidomus[dot]com
http://www.meidomus.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
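
The cursory checks described in the reply above, sketched in PHP as an added example (not code from the thread or from any gateway's API). The Luhn checksum, the 12-19 digit range, the four-digit expiry year and the function names are assumptions not stated in the post; passing these checks only means the number is worth sending to the gateway.

```php
<?php
declare(strict_types=1);

// Luhn checksum: from the right, double every second digit and sum the digits.
function luhn_ok(string $digits): bool
{
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d = $d * 2 > 9 ? $d * 2 - 9 : $d * 2;
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Cursory checks before the gateway call. Returns brand, masked number and errors.
function precheck_card(string $number, int $expMonth, int $expYear, DateTimeImmutable $today): array
{
    $digits = str_replace([' ', '-'], '', $number);
    if (!preg_match('/^\d{12,19}\z/', $digits)) { // assumed length range
        return ['brand' => 'unknown', 'masked' => '', 'errors' => ['number must be 12-19 digits']];
    }
    $errors = [];
    if (!luhn_ok($digits)) {
        $errors[] = 'checksum failed, probably a typing error';
    }
    if ($expMonth < 1 || $expMonth > 12 || $expYear < 2000 || $expYear > 2099) {
        $errors[] = 'expiry date is malformed';
    } else {
        // A card stays valid through the last day of its expiry month.
        $firstBadDay = (new DateTimeImmutable(sprintf('%04d-%02d-01', $expYear, $expMonth)))->modify('+1 month');
        if ($today >= $firstBadDay) {
            $errors[] = 'card has expired';
        }
    }
    return [
        'brand'  => $digits[0] === '4' ? 'visa' : 'other', // prefix rule quoted in the post
        'masked' => str_repeat('*', strlen($digits) - 4) . substr($digits, -4), // log this, never the full number
        'errors' => $errors,
    ];
}

// Constructed inputs; 4111111111111111 is a widely published test number, not a real card.
$today = new DateTimeImmutable('2024-06-15'); // fixed date so the run is repeatable
foreach ([['4111 1111 1111 1111', 6, 2024], ['4111111111111112', 12, 2030], ['4111-1111-1111-1111', 5, 2024]] as [$n, $m, $y]) {
    $r = precheck_card($n, $m, $y, $today);
    printf("%s %s %s\n", $r['masked'], $r['brand'], $r['errors'] ? implode('; ', $r['errors']) : 'ok to send to gateway');
}
```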


