-----Original Message-----
From: tedd [mailto:tedd.sperl...@gmail.com] 
Sent: Wednesday, May 20, 2009 9:28 AM
To: Gary; php-general@lists.php.net
Subject: Re: [PHP] Accepting Credit Card Payments

At 8:48 AM -0400 5/20/09, Gary wrote:
>Sorry, the first postssss were put in the wrong place...
>Not sure this is a direct PHP question, however I know I will get some
>answers here.  I have a customer that I am bidding a small project for.
>They want to be able to accept credit card payments for enrollment into a
>class. Their customer will fill out a form and pay via CC on the site.  Is
>this something that I should just look to the host for whatever shopping
>cart they have or is there an easy to administer software package that I
>should look into. Or since it is a one item cart, is this something that I
>could code?
>Thanks for your help.


Are they wanting to collect the credit card information and then 
process that data in their shop OR are do they want the complete 
transaction to be completed online?

In both cases you should have your script(s) work in the https directory.

If they want to process the cc information themselves in their shop, 
then that information has to be provided to them in some secure 
fashion. If they want to use email, then that's a problem because 
email is not secure. You will have to work out a way for them to log 
on to a secure area and review the cc information themselves -- this 
is a clumsy way to do things.

The more acceptable approach is to use a credit card clearing company 
like PayPal.com. They have different types of merchant accounts which 
offer different types of processing and features and fees. Go to 
PayPal.com and check it out.

Basically there are two types of collection systems. [1] One where 
you direct the user to PayPal with the item(s) they want to purchase 
and then PayPal does everything (i.e., collects the cc information 
and approves the transaction -- the simplest); [2] Two, where you 
collect all the information and then contact PayPal for authorization 
(the more complex). While [1] is simpler [2] allows you to have full 
control over the user -- IOW, they never leave your site.

In both cases, after the user has been approved, you are notified of 
the purchase, you are are credited with the purchase AND the user is 
[1] or [2] should be directed to a "Thank you" page.

While customers like to say "This is a small project" it really isn't 
and does come with an element of liability on your part. For example, 
if you somehow make user cc information public, then you have 
big-time problems. That's something you should consider in your 

Good luck,


http://sperling.com  http://ancientstones.com  http://earthstones.com

Amending my previous reply, I have to agree with those that recommend you
hand this over to someone that has experience doing this. I oversimplified
the process I feel due to the fact that I have done this so many times, I
even helped debug a few premade API's, it is second nature to me. 

Before you decide to dive into this yourself, consider this: you are asking
normal folks to trust that you will protect their CC and personal
information in you and your client. When they commit to making the payment
they trust their info won't be subject to identity theft and/or CC fraud.

Also, I know what you mean about getting your servers certified. It is a
lengthy process. 

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

__________ Information from ESET Smart Security, version of virus signature
database 4091 (20090520) __________

The message was checked by ESET Smart Security.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to