Are you sure you want to be handling credit card numbers directly on your site?

Are you aware of the recommendations from VISA/MC on the kind of systems you must have in place if you're going to handle card details?

Most merchants have the actual authorisation done by their payment processor, so they aren't liable if it goes wrong...

A payment processor validates the card number for you as they take the payment and many of them offer a postcode/ZIP-code check as well. I know mine does.

Well I was just wondering how this is normally done.
Would I pass the details to a bank's validator/processor and they then inform me if it has passed validation and return some sort of authorisation to my PHP code?

It needs to be something that can validate the card number in the space of a few seconds so that the user can then carry on downloading their product, etc.

The way it should be done consists in integrating a Gateway within your cart script
for ex Authorize.net
System:
From the merchant
goes to:
For example authorize.net via internet

To the merchant bank processor

To the credit card interchange process

To the credit card issuer

To the merchant bank account

To the merchant bank.

the whole thing is a complicated process
and really should not be addressed outside of a gateway.

Would I pass the details to a bank's validator/processor and they then inform me if it has passed validation and return some sort of authorisation to my PHP code?

IMHO your site should NOT be asking for the credit card details at all.

You should pass a basket reference and basket total to the gateway, they ask for the payment details, make the relevant security checks, process the payment, and pass back a token to your site which indicates whether the payment succeeded. Your site can then proceed (if the order is paid) or throw an error (if the payment failed).

Hint: don't re-invent the wheel - this kind of thing has been done over and over again, why do you want to recode it?

Thanks for the advice.
I have had a look at some banks' secure ePayments systems. They mention some shopping cart sites that are already integrated with their systems.
I presume this could be designed by myself though or is it not worth doing that?
What I was trying to avoid is having a different shopping cart company that the user has to register with and pay through?

What I was trying to avoid is having a different shopping cart company that the user has to register with and pay through

When you apply for an account with a payment gateway, most of them have a drop-down box with list of compatible shopping carts, and then "other" or "custom cart" at the bottom.

If you've programmed your own cart, you should be able to write the extra code to pass the transaction to the payment gateway and to receive the response. Compared with writing an entire shopping cart this isn't rocket science :-)

Hmmm, sometimes it might be not that of a piece of cake.
However most gateways do supply you with some code samples and/or a tutorial.
If you contact them (Gateway) before signing for an account you might be able to be pointed to such a script in order to assess if you will be able to perform the insertion.