[thelist] Specific Ecommerce Requirements
Info@internetvraagbaak.nl
info at internetvraagbaak.nl
Wed Jun 28 13:30:52 CDT 2006
..... transaction id....using AUTH with Authorize.net ..... but then
again..we are back in the payment gateways...
conclusion: advice/convince the customer NOT to get into trouble trying to
do CC handling themselves!
In EU it means trouble if you are the shop that stored CC number info
..guess it means more trouble in the US.
Use a propor Gateway. Worldpay, Authorize.net, 2checkout, Paypal ....some
others.. but not that many!
Also it is best to deal with these companies directly.... and NOT use some
company in between you and them...for 'service' arguments... it gives you
more headache checking there contract and disclaimers.
> As others have already mentioned this is generally a bad idea. If you
> absolutely must go this route please at the very minimum encrypt the
> numbers with a key that is only stored offline, and be aware that you
> are likely violating agreements you have with whoever is processing
> your transactions.
>
> For a better solution, look at the model gas station's use for pay at
> the pump purchases. When you drive up and swipe your credit card, they
> have no idea how much gas you're going to buy. So they immediately
> reserve a block of credit credit on your card (usually around $75).
> Then once you're done pumping they charge whatever amount you actually
> purchased and release the hold on the remaining credit.
>
> Here's a technical rundown of how I would apply this model to your
> situation First, attempt to establish a reasonable maximum for the
> unknown prices such as shipping and handling. Then using this this
> maximum price immediately run an AUTH on the clien't credit card for
> this amount. An AUTH doesn't actually charge the credit card for the
> amount listed, it simply checks that the card is valid and that it
> COULD pay for the amount you're asking for in the AUTH. At this point,
> any worthwhile online processor such as Authorize.net will give you a
> transaction number which you can use to refer to this transaction. So,
> you no longer need the client's full credit card details and can
> discard them. Later once you've calculated the actual cost of the
> order, an employee can use the transaction number that the processor
> provided you with to capture the funds. You can capture any amount
> less than or equal to whatever you used in the AUTH phase and only the
> amount you capture will be charged to the client's credit card. No
> need to store the credit card details at all, just store the
> transaction number.
>
> HTH,
> --
> ------------------------------------
> Scott Wehrenberg
> --
>
> * * Please support the community that supports you. * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.394 / Virus Database: 268.9.5/377 - Release Date: 27-6-2006
>
>
More information about the thelist
mailing list