[BLUG] accepting credit card #s from a web form

Joe Auty blug_at_mailman.cs.indiana.edu
Sun, 25 Feb 2007 16:34:34 -0500 

--Apple-Mail-66-858546054
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

Hmmm...

Are authorize.net prices and stipulations listed somewhere? Every  
merchant account online CC processing service I've looked at ended up  
being pretty expensive, and some requiring a minimal monthly  
transaction...

Perhaps I will go with PayPal solely out of issues of liability..


On Feb 25, 2007, at 4:27 PM, Andrew Poland wrote:

> Other than Paypal, there are a few other providers that can expose  
> an API in the way that Jeremy describes.  A site I work with uses  
> www.authorize.net and as soon as the site processes a checkout  
> submission passes the transaction info straight to them via a web  
> service.  The site store a harmless transaction confirmation id  
> locally but can retrieve the full transaction info from a secure  
> site maintained by authorize.net if needed.
>
> I sleep a lot better at night knowing that if someone were to  
> compromise the server they would not find any financial data.  And  
> as far as customers know your site is doing all the credit card  
> processing.  The outsourced part is hidden to them.
>
>
> Andrew
>
>
> On Feb 25, 2007, at 3:35 PM, Gaddis, Jeremy L. wrote:
>
>> Verisign used to have a nice solution to this problem, but it's  
>> been sold to PayPal.  You basically take the cardholder  
>> information via your web form and pass it off to PayPal for  
>> authorization (via a provided API).  You're sent back a response  
>> that lets you know whether the authorization was successful or  
>> not.  This way, you never have to store the card information,  
>> which is one thing that the PCI DSS prohibits.
>
>
>
>


--Apple-Mail-66-858546054
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=ISO-8859-1

<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><DIV>Hmmm...</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Are authorize.net prices =
and stipulations listed somewhere? Every merchant account online CC =
processing service I've looked at ended up being pretty expensive, and =
some requiring a minimal monthly transaction...</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Perhaps I will go with =
PayPal solely out of issues of liability..</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><BR><DIV><DIV>On Feb 25, 2007, =
at 4:27 PM, Andrew Poland wrote:</DIV><BR =
class=3D"Apple-interchange-newline"><BLOCKQUOTE type=3D"cite"><DIV>Other =
than Paypal, there are a few other providers that can expose an API in =
the way that Jeremy describes.=A0 A site I work with uses <A =
href=3D"http://www.authorize.net">www.authorize.net</A> and as soon as =
the site processes a checkout submission passes the transaction info =
straight to them via a web service.=A0 The site store a harmless =
transaction confirmation id locally but can retrieve the full =
transaction info from a secure site maintained by authorize.net if =
needed.</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV>I =
sleep a lot better at night knowing that if someone were to compromise =
the server they would not find any financial data.=A0 And as far as =
customers know your site is doing all the credit card processing.=A0 The =
outsourced part is hidden to them.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Andrew</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><BR><DIV><DIV>On Feb 25, 2007, =
at 3:35 PM, Gaddis, Jeremy L. wrote:</DIV><BR =
class=3D"Apple-interchange-newline"><BLOCKQUOTE type=3D"cite"><SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><FONT =
size=3D"2"><SPAN class=3D"Apple-style-span" style=3D"font-size: 10px; =
">Verisign used to have a nice solution to this problem, but it's been =
sold to PayPal.=A0 You basically take the cardholder information via =
your web form and pass it off to PayPal for authorization (via a =
provided API).=A0 You're sent back a response that lets you know whether =
the authorization was successful or not.=A0 This way, you never have to =
store the card information, which is one thing that the PCI DSS =
prohibits.</SPAN></FONT></SPAN></BLOCKQUOTE></DIV><BR><DIV> <SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><BR =
class=3D"Apple-interchange-newline"></SPAN></SPAN> =
</DIV><BR></BLOCKQUOTE></DIV><BR></BODY></HTML>=

--Apple-Mail-66-858546054--