I'm still trying to figure all this out. I don't see how the flow works. First I host with SSL support
my CC form on https page --> post to CC processing (use my SSL certificate) outside my domain to CC processor, another https page --> CC gateway processes transaction outside my domain --> CC posts good/bad transaction variables to https PHP page within my domain --> I send client to a http page with good/bad message
Firstly, you can simply use a gateway provider that processes the customer's card on their site. No SSL is required.
So customer adds item to cart - http >
sent to cc processor/gateway - https>
enters details on gateway site - https>
sent back to your site with a success or fail message - http
This is the simplest way of doing it as all validation and storing of card data is done on the gateway side of things.
Second method is to take the details on your site and have the transaction processed in the background with the customer never leaving your environment.
Customer adds item to cart - http >
Sent to your cc page to insert card details - https>
- (background) CC details sent to cc processor/gateway in background - https>
- (background) Processor sends back an accept or fail message to your site - https >
If success your site renders the thank you page in either SSL or not depending upon the level of detail you will be displaying >
If fail then customer sent back to cc page in SSL - https
For example, our system works by the gateway sending back to a hidden page that processes the info and then, if ok, pushes off to the thank you page and, if not ok, sends back to the cc page.
Hope this helps,
Cam
A lot of banks will not allow you to accept cards as well if you store them in your db.
Hackers are keen and eager to get in and not even the most secure system is safe so be careful.
Cheers,
Cam
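The "hidden page" in the second method decides between the thank-you page and the card page from what the gateway posts back. A Python sketch of that handler follows; it is an added example, not code from this thread or from any gateway. It assumes the gateway signs its callback with a shared-secret HMAC-SHA256, and the field names, paths and secret are constructed for illustration.

```python
import hashlib
import hmac

# Constructed values; a real secret is issued with the gateway account.
SHARED_SECRET = b"constructed-demo-secret"
MAX_AGE_SECONDS = 300
SIGNED_FIELDS = ("order_id", "amount", "status", "timestamp")  # hypothetical names
CARD_PAGE, THANKS_PAGE = "/checkout/card", "/thank-you"        # hypothetical paths

def sign(fields: dict) -> str:
    """HMAC-SHA256 over the signed fields, length-prefixed so values cannot run together."""
    parts = (str(fields[name]) for name in SIGNED_FIELDS)
    message = "".join(f"{len(p)}:{p};" for p in parts).encode()
    return hmac.new(SHARED_SECRET, message, hashlib.sha256).hexdigest()

def handle_callback(post: dict, orders: dict, now: float) -> str:
    """Return the page the customer is sent to after the gateway's background post."""
    try:
        expected = sign(post).encode()
        supplied = str(post["signature"]).encode()
        age = now - int(post["timestamp"])
    except (KeyError, ValueError):
        return CARD_PAGE                       # malformed callback counts as a failure
    if not hmac.compare_digest(expected, supplied):
        return CARD_PAGE                       # not produced with the shared secret
    if not 0 <= age <= MAX_AGE_SECONDS:
        return CARD_PAGE                       # stale or future-dated callback
    order = orders.get(post["order_id"])
    if order is None or post["amount"] != order["amount"]:
        return CARD_PAGE                       # unknown order or amount mismatch
    if post["status"] != "approved":
        return CARD_PAGE                       # gateway declined the card
    order["paid"] = True                       # only an order status is stored, never card data
    return THANKS_PAGE

if __name__ == "__main__":
    # Constructed order and callback, for demonstration only.
    orders = {"A1001": {"amount": "19.99", "paid": False}}
    callback = {"order_id": "A1001", "amount": "19.99",
                "status": "approved", "timestamp": "1000"}
    callback["signature"] = sign(callback)
    print(handle_callback(callback, orders, now=1060))
```

The site's database records only whether the order was paid, which is consistent with the advice above about not storing cards.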