I need to process credit cards and integrate with backend payment services to credit them. The majority of solutions on the internet require an intermediary, e.g. 2CO, GCO, Auth.net.

Do you have any experience with implementing a credit-card payment gateway in PHP? Any help is appreciated.

Thanks for your time.

A: 

The best solution we found was to team up with one of those intermediaries. Otherwise you will have to deal with a bunch of other requirements like PCI compliance. We use Verifone's IPCharge and it works quite well.

TheCodeMonk
+1  A: 

There are more than a few gateways out there, but I am not aware of a reliable gateway that is free. Most gateways like PayPal will provide you APIs that will allow you to process credit cards, as well as do things like void, charge, or refund.

The other thing you need to worry about is the coming of PCI compliance which basically says if you are not compliant, you (or the company you work for) will be liable by your Merchant Bank and/or Card Vendor for not being compliant by July of 2010. This will impose large fines on you and possibly revoke the ability for you to process credit cards.

All that being said, companies like PayPal have a PHP SDK:

https://cms.paypal.com/us/cgi-bin/?cmd=%5Frender-content&content%5FID=developer/library%5Fdownload%5Fsdks

Authorize.Net:

http://developer.authorize.net/samplecode/

Those are two of the more popular ones for the United States.

For PCI Info see:

https://www.pcisecuritystandards.org/

Scott Lance
Where can I read about that "you have to be compliant with PCI" thing?
Chris
https://www.pcisecuritystandards.org/
Scott Lance
@Scott I meant, where can I find the law? On that page at least, I can't find a notice that you are forced by law to be compliant by July 2010.
Chris
There is no 'law', but if you don't become compliant, and are caught, then your merchant bank will be fined by the PCI, and that fine will probably roll downhill and hit you. Then you will be either forced to pay the fine or lose your ability to process credit cards by your merchant bank. See http://websiteverification.wordpress.com/2009/04/28/pci-dss-fines/
Scott Lance
@Scott: I understand the issue, Scott. All I want to find is some serious sources, not just these blog posts without any references. If you can be fined by a court to pay for the loss of CC data (even if you didn't lose anything), there has to be a law that protects you from that IF you are PCI compliant. However, somewhere there has to be a law involved, otherwise PCI couldn't have any impact because non-compliance couldn't be pursued.
Chris
The courts or the federal governments with the exception of Nevada have nothing to do with PCI. PCI is an independent body run by the 5 major card brands (Visa, MC, AMEX, JCB, Discover). If a breach in your company occurs, then the PCI will fine your merchant bank, and your merchant bank will pass the fine along to you. If you refuse to pay the fine, then your merchant bank will probably drop your service and those card brands will revoke your privilege of processing transactions with their brands. We found out Friday that even if you are PCI compliant and are breached you will still be fined.
Scott Lance
We also found out Friday from our QSA that Nevada has passed a law that requires all Nevada companies that process credit cards to become compliant with the PCI standard. See http://infoseccompliance.com/2009/06/22/nevada-law-incorporates-pci-and-provides-a-liability-safe-harbor/
Scott Lance
PCI does not provide any protection. It is simply a standard that must be followed. As Scott Lance said, you are still fully liable for damages due to stolen information whether you're PCI compliant or not.
Jestep
+2  A: 

If you need something quick and dirty, you can just use PayPal's "Buy" buttons and drop them on your pages. These will take people off-site to PayPal where they can pay with a PayPal account or a credit card. This is free and super easy to implement.

If you want something a bit nicer where people pay on-site with their credit card, then you would want to look into one of those 3rd-party payment providers. None of them (that I'm aware of) are completely free. All will have a per-transaction fee, and most will have a monthly fee as well.

Personally I've worked with Authorize.NET and PayPal Website Payments Pro. Both have great APIs and sample code that you can hook into via PHP easily enough.

Eric Petroelje
A: 

Braintree also has an open source PHP library that makes PHP integration pretty easy.

dan-manges