Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: buckworks
Are they indeed storing the CC number and security code, or are they doing something else?
I remember reading some members here saying that they don't store CC numbers as you don't need to, from that I assumed when the user checks out and the data is sent to the bank they use some return code from the bank to perform the charge etc. Can someone explain this to me, and is it the same as what amazon/apple is doing?
when the user checks out and the data is sent to the bank they use some return code from the bank to perform the charge etc.
1. Install valid cert on your site. No processor I know of will accept a silent post (below) from a non-SSL location.
2. Set up online merchant account with bank.
3. Set up account with gateway. It is the gateway you actually connect to, and the gateway is what actually "talks" to the bank. Sometimes these are separate, for example, your bank and Authorize.net gateway. Sometimes they are combined, for example, FirstData/Linkpoint (now Elavon.)
4. Via silent post, you collect the input data and post the data to the gateway. Gateway connects with bank, auth's the transaction (or not,) and returns a response code and other data. Depending on the resonse, you update your database and return a response to the user. The impression is that they've never left your site.
How to silent post? Look into curl, or for PHP, pcntl_curl() if the extensions are installed on your server.
Worry not, all gateways have sample code and test servers to get you set up.