On Sat, Sep 11, 2010 at 3:22 AM, tonypm [email protected] wrote:
We are relatively new to this concept, so we do not know where to
What should I look for when considering one of the above services?
Fees? Processing fee per transaction? Monthly billings, etc?
Any additional information will be appreciated.

This question interests me too. Strange not to have got any response
to this - I wonder how many people have actually implemented a payment
gateway on a Rails site - it doesn’t seem to appear in posts lately…

The situation with regard to taking credit card payments has changed
substantially, perhaps fundamentally is a more accurate word, in the
last year. Long-story-short, your best option is to get set up with a
Payment Gateway that will handle your interactions with Payment
Processor(s). If you Google ‘credit card payment gateway’ you will

The change that has taken place results from legislative action
responding to system breaches that have resulted in credit card info

What has emerged is a ‘system’ wherein your site never sees the actual
credit card information that the user enters. It gets submitted
directly to the Payment Gateway which passes it to the Payment
Processor and then passes the response back to you along with a
‘token’ for that credit card which you can use to make charges against
it for future purchases. The token is only recognized as valid by the
Payment Gateway if it comes from your system. What that means is that
you are not storing anything that could be used by someone who broke
into your system. You have no credit card info, and the tokens aren’t
usable by any system but yours.

My experience with this began about a year and a half ago. The
company I work for sells a SaaS POS system that provides our customers
with the ability to take credit cards. The Payment Processor we
initially talked to told us that we needed to either go the Payment
Gateway route (which they strongly recommended) or to get ready to
spend around $50K, not counting our time, for a PCI audit /
certification. In order to deal directly with Payment Processors you
now must be certified as PCI-compliant.

If you need more help, particularly with respect to the ‘what should I
look for …’ question, I’d be happy to offer it off-line as this
really has nothing at all to do with Rails. You can reach me at the
work email address below.

bill AT shopkeep DOT com
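
The token flow described in the message above, as an added example that is not part of the original thread and not any real gateway's API: a toy in-memory gateway showing what the merchant ends up storing and why a copied token fails elsewhere. `ToyGateway`, its methods, the merchant IDs and the per-merchant secret used to bind tokens are all assumptions made for illustration; the card number is a constructed test value.

```ruby
require 'securerandom'
require 'openssl'

# Hypothetical stand-in for a tokenizing payment gateway (illustration only).
class ToyGateway
  def initialize
    @merchants = {} # merchant_id => API secret issued by the gateway
    @vault = {}     # token => { merchant_id:, pan: }; lives only at the gateway
  end

  def register_merchant(merchant_id)
    @merchants[merchant_id] = SecureRandom.hex(32)
  end

  # Reached directly from the customer's browser, so the card number never
  # passes through the merchant's application. Returns what the merchant gets.
  def tokenize(merchant_id, pan)
    raise ArgumentError, 'unknown merchant' unless @merchants.key?(merchant_id)
    token = "tok_#{SecureRandom.hex(16)}"
    @vault[token] = { merchant_id: merchant_id, pan: pan }
    { token: token, last4: pan[-4, 4] }
  end

  # Server-to-gateway call. The token is honoured only for the merchant it
  # was issued to, and only when that merchant authenticates.
  def charge(merchant_id, secret, token, _cents)
    expected = @merchants[merchant_id]
    return :auth_failed unless expected && OpenSSL.secure_compare(expected, secret)
    entry = @vault[token]
    return :invalid_token unless entry && entry[:merchant_id] == merchant_id
    :approved
  end
end

def demo
  gw = ToyGateway.new
  shop_key  = gw.register_merchant('shop_a')
  other_key = gw.register_merchant('shop_b')
  stored = gw.tokenize('shop_a', '4111111111111111') # constructed test number
  {
    merchant_record: stored, # everything the merchant database holds
    own_charge:   gw.charge('shop_a', shop_key, stored[:token], 1999),
    stolen_token: gw.charge('shop_b', other_key, stored[:token], 1999),
    wrong_secret: gw.charge('shop_a', 'guess', stored[:token], 1999)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The merchant's stored record contains only the token and the last four digits, so a dump of that database yields nothing chargeable without the merchant's gateway secret.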