Payment - Card details on my website or gateways?

Sorry another question...

How are your payment gateways integrated? Does my customer enter details on my website or on the payment processor's site? I know its much more popular to do the former but from a security perspective I've always preferred to pass the customer to the car processor (I've used a few in the past) and tell them "Bill Mr X this amount and tell me it processed OK" and let them take the card details etc.

So how do you handle it?

Hi

That depends on the payment gateways you will be using. As you know, basically, there are two kinds of payment gateways:

1. Credit card base payment gateways such as Authorize.net, Stripe... For this kind payment gateways, customers will enter credit card information directly on your site for processing payment. However, these credit card information won't be stored in your site database, it is passed directly for processing payment.

2. Redirect base payment gateway such as Paypal, 2Checkout... For this kind of payment gateways, customers will be redirected to payment gateway for processing payment. We just pass payment amount... to the payment gateway and the gateway will handle the payment itself. Once payment completed, the payment gateway will notify the extension about the payment, then the extension will verify payment, make sure it is valid, update order status, sending emails.....

Hope my answers are clear to you. If you still have questions, please don't hesitate to ask

Regards,

Ossolution Team

So I'd be using CardSave - they have the option in their config's to do either but I assume from this you set it to take details on my site rather than CardSave's

I've never been clear what the advantage of that is, and the disadvantage is is need SSL certs etc? What am I missing?

You need to have an SSL certificate installed for your site/server, and it costs you money. That's the only downside I could see. The advantage is that your customers can enter credit card information directly on your site to make payment instead of being redirected to a third party payment gateway and I think they prefer doing that

Tuan

Really?

So I'd rather give my credit card details to a relatively unknown entity, for them to then pass them securely to the credit card processor anyway? And presumably not store the details of the card locally on the unknown entity server.

I've never been concerned about giving my credit card to a card processor. But to a local organisation who probably have limited time/resources/funds to provide IT security etc I'm far more worried...

In that case, I think you will have to choose to use a payment gateway which redirect customers directly to payment gateway for processing payment (such as PayPal) instead of using a credit card base payment gateway

Tuan

FYI, there is a special payment gateway called Stripe which allow customers to enter credit card information directly on your site

However, with their StripeJS (which is supported in our extension), the credit card data will be encrypted before submitting to server, and you won't have to worry about it. See stripe.com/docs/stripe.js ? for more information

Tuan

So we have a CardSave account. They allow a gateway option where customers are redirected to their server with lots of re-assuring WorldPay logos around and I guess most people have used WorldPay at some point and know their card details are not going to be ripped off.

Anyway, since I will be taking names and addresses it makes sense to have SSL certificate so I have upgraded my hosting account to have that and then downloaded and installed EB and the EB CardSave Plugin. I'm getting a time out on cURL because the CardSave system uses a crazy port. Port is closed on firewall and host will not open it on my package. So
1. I can spend £500 a year on a higher package (yeh right!) or
2. Move merchant account elsewhere that doesn't use a daft port - looking forward to that delight as it took an age to set up CardSave as needs company director signatures and all sorts or
3. Move host (I actually like my host but they have cheesed me off with this firewall nonsense - they should be able to open a firewall port specific to my account even on shared hosting)
4. Move to a "gateway" based account. Stripe (Stripe.js) does sound interesting. Would be useful to see a screen shot of how that looks and what I can easily add to that to explain to my "customer" that the information they are submitting is sent directly to Stripe. What other (UK) gateway options do you have? PayPal will rip us off in charges! CardSave is cheap. Will need to weigh up costs of Merchant vs Card Charges as we don't pay % on-cost on Debit cards.
5. Re-write the CardSave Gateway? Probably actually re-write the PayPal one as thats the functionality sought! Done it once before for another piece of software.
6. Shout at CardSave and see why I can't use WorldPay's main payment processor which seems to not be on a port!

Frustrated - as I really liked EB - but this might kill it and we have to return to our old payment system for a while.

:woohoo: TSOHosts have just come back to me to explain they thought I wanted the port open for inbound requests not outbound. So port is open and system testing can commence