ssgumby
msg:4421189 | 2:44 am on Feb 24, 2012 (gmt 0) |
authorize.net has sample code for almost all languages that you can use to integrate.
However, writing your own checkout and integrating authorize.net is bad bad bad bad bad, did I mention bad?
PCI and PA-DSS are required by Visa/Mastercard and to get PA-DSS on YOUR shopping cart solution is an expensive venture.
|
jerseyboy
msg:4421192 | 3:07 am on Feb 24, 2012 (gmt 0) |
So what do you recommend?
|
ssgumby
msg:4421398 | 4:54 pm on Feb 24, 2012 (gmt 0) |
There are many shopping cart systems out in the market that already have auth.net integration that are also PA-DSS.
ecommerce templates is one that is on the low end of cost
aspdotnetstorefront is one that is a bit more expensive
Many others im sure, those are two I am familiar with though.
|
rocknbil
msg:4421412 | 5:14 pm on Feb 24, 2012 (gmt 0) |
| writing your own checkout and integrating authorize.net is bad bad bad bad bad, did I mention bad? |
|
Please expand. If you don't store CC information on your server and use A.N.'s best practices (and their examples as starters,) force SSL on all checkout areas, more information is needed to define why it's bad. It's exactly what existing cart software does.
The PCI compliance scans apply to existing shopping cart software as well, and a non-compliant server will cause the scans to fail just as easily. If you host the site in a PCI compliant environment, securing a script to pass a PCI scan is not all that difficult (and makes a more aware coder out of you.)
Of course, the cheap and cheesy solution is to just pass the customer to the Authorize.net payment page on checkout.
|
ssgumby
msg:4421418 | 5:47 pm on Feb 24, 2012 (gmt 0) |
First, storing CC is not just the issue. Accepting and transmitting CC data is also considered high in PCI terms.
PCI is not just about the server anymore, your cart is required to be PA-DSS certified. Getting PA-DSS is not cheap from what ive heard.
"PCI-DSS (the PCI’s own Data Security Standards) now requires that applications be PA-DSS validated as well. PCI standards include the transmission of data using SSL encryption, protecting cardholder information, and creating and enforcing strict security policies."
|
jerseyboy
msg:4421421 | 5:50 pm on Feb 24, 2012 (gmt 0) |
very helpful. Guess I'll chuck my code and d/l Magento. Don't need to re-invent the wheel if its that involved. Having a solid payment service is most crucial to me.
|
jrockfl
msg:4421561 | 3:36 am on Feb 25, 2012 (gmt 0) |
Magento is not in .net though. Authorize.net provides an api along with example code.
You pretty much make a request and get back a response. I wrote our entire e-commerce application in .net.
Now, I'm working on the mobile version.
|
jerseyboy
msg:4421580 | 4:37 am on Feb 25, 2012 (gmt 0) |
jrockfl - was it fairly easy to get your checkout working w/ authorize.net's API and your custom .net site?
|
jrockfl
msg:4421685 | 1:03 pm on Feb 25, 2012 (gmt 0) |
Yes, I thought so. Keep in mind I have been working with Authorize.net for over 10 years.
They provide a nice api with sample code which makes it pretty easy.
Sign up for a developer account and you do all of your testing in a their development environment.
[developer.authorize.net...]
They also have a forum which is pretty helpful too.
In my opinion, Authorize.net is the best one to work with. Nice samples, large developer following and have been around for years.
|
|
