[BLUG] accepting credit card #s from a web form

Andrew Poland blug_at_mailman.cs.indiana.edu
Sun, 25 Feb 2007 16:47:19 -0500 

--Apple-Mail-3-859311202
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

Joe,

Yes there are fees.  The payment gateway has a $20/mo fee and .10 per  
transaction plus the rate that VISA/Mastercard levies per  
transaction.  You also need a merchant account with your bank which  
has its own fees.  You will probably have to call them up for quote  
to get the full details, I'm not sure how much I'm allowed to post.

Paypal's per transaction costs are higher but may be cheaper than the  
merchant account fees if you aren't running a high volume of  
transactions.

Andrew

On Feb 25, 2007, at 4:34 PM, Joe Auty wrote:

> Hmmm...
>
> Are authorize.net prices and stipulations listed somewhere? Every  
> merchant account online CC processing service I've looked at ended  
> up being pretty expensive, and some requiring a minimal monthly  
> transaction...
>
> Perhaps I will go with PayPal solely out of issues of liability..
>
>
> On Feb 25, 2007, at 4:27 PM, Andrew Poland wrote:
>
>> Other than Paypal, there are a few other providers that can expose  
>> an API in the way that Jeremy describes.  A site I work with uses  
>> www.authorize.net and as soon as the site processes a checkout  
>> submission passes the transaction info straight to them via a web  
>> service.  The site store a harmless transaction confirmation id  
>> locally but can retrieve the full transaction info from a secure  
>> site maintained by authorize.net if needed.
>>
>> I sleep a lot better at night knowing that if someone were to  
>> compromise the server they would not find any financial data.  And  
>> as far as customers know your site is doing all the credit card  
>> processing.  The outsourced part is hidden to them.
>>
>>
>> Andrew
>>
>>
>> On Feb 25, 2007, at 3:35 PM, Gaddis, Jeremy L. wrote:
>>
>>> Verisign used to have a nice solution to this problem, but it's  
>>> been sold to PayPal.  You basically take the cardholder  
>>> information via your web form and pass it off to PayPal for  
>>> authorization (via a provided API).  You're sent back a response  
>>> that lets you know whether the authorization was successful or  
>>> not.  This way, you never have to store the card information,  
>>> which is one thing that the PCI DSS prohibits.
>>
>>
>>
>>
>

---
Andrew Poland <ajpoland_at_iupui.edu>
Principal Developer
UITS Course Management Systems
Indiana University

Join us in #sakai - irc.freenode.net





--Apple-Mail-3-859311202
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=ISO-8859-1

<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; ">Joe,=A0<DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Yes there are fees.=A0 The =
payment gateway has a $20/mo fee and .10 per transaction plus the rate =
that VISA/Mastercard levies per transaction.=A0 You also need a merchant =
account with your bank which has its own fees.=A0 You will probably have =
to call them up for quote to get the full details, I'm not sure how much =
I'm allowed to post.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Paypal's per transaction =
costs are higher but may be cheaper than the merchant account fees if =
you aren't running a high volume of transactions.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Andrew</DIV><DIV><BR><DIV><DI=
V>On Feb 25, 2007, at 4:34 PM, Joe Auty wrote:</DIV><BR =
class=3D"Apple-interchange-newline"><BLOCKQUOTE =
type=3D"cite"><DIV>Hmmm...</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Are authorize.net prices =
and stipulations listed somewhere? Every merchant account online CC =
processing service I've looked at ended up being pretty expensive, and =
some requiring a minimal monthly transaction...</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Perhaps I will go with =
PayPal solely out of issues of liability..</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><BR><DIV><DIV>On Feb 25, 2007, =
at 4:27 PM, Andrew Poland wrote:</DIV><BR =
class=3D"Apple-interchange-newline"><BLOCKQUOTE type=3D"cite"><DIV>Other =
than Paypal, there are a few other providers that can expose an API in =
the way that Jeremy describes.=A0 A site I work with uses <A =
href=3D"http://www.authorize.net">www.authorize.net</A> and as soon as =
the site processes a checkout submission passes the transaction info =
straight to them via a web service.=A0 The site store a harmless =
transaction confirmation id locally but can retrieve the full =
transaction info from a secure site maintained by authorize.net if =
needed.</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV>I =
sleep a lot better at night knowing that if someone were to compromise =
the server they would not find any financial data.=A0 And as far as =
customers know your site is doing all the credit card processing.=A0 The =
outsourced part is hidden to them.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Andrew</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><BR><DIV><DIV>On Feb 25, 2007, =
at 3:35 PM, Gaddis, Jeremy L. wrote:</DIV><BR =
class=3D"Apple-interchange-newline"><BLOCKQUOTE type=3D"cite"><SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><FONT =
size=3D"2"><SPAN class=3D"Apple-style-span" style=3D"font-size: 10px; =
">Verisign used to have a nice solution to this problem, but it's been =
sold to PayPal.=A0 You basically take the cardholder information via =
your web form and pass it off to PayPal for authorization (via a =
provided API).=A0 You're sent back a response that lets you know whether =
the authorization was successful or not.=A0 This way, you never have to =
store the card information, which is one thing that the PCI DSS =
prohibits.</SPAN></FONT></SPAN></BLOCKQUOTE></DIV><BR><DIV> <SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><BR =
class=3D"Apple-interchange-newline"></SPAN></SPAN> =
</DIV><BR></BLOCKQUOTE></DIV><BR></BLOCKQUOTE></DIV><BR><DIV> <SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><SPAN =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; =
"><DIV>---</DIV><DIV>Andrew Poland &lt;<A =
href=3D"mailto:ajpoland_at_iupui.edu">ajpoland_at_iupui.edu</A>&gt;</DIV><DIV>Pr=
incipal Developer</DIV><DIV>UITS Course Management =
Systems</DIV><DIV>Indiana University</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Join us in #sakai - =
irc.freenode.net</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><BR =
class=3D"Apple-interchange-newline"></SPAN></SPAN> =
</DIV><BR></DIV></BODY></HTML>=

--Apple-Mail-3-859311202--