building a credit card page

**gib65** · 09-26-2012, 03:07 AM

Hello,

This is my first time building a website with a credit card page. I need to know what's involved.

I'm not just ask about code, but legal and financial issues I need to know. Where would I begin in my research on how to build a credit card page (i.e. the page one usually goes to on a website when he wants to make a purchase).

Thanks for the help.

**james438** · 09-26-2012, 03:19 AM

I have not visited the site in a while, but when I had legal questions about fair use (I believe this was before I had even heard of fair use laws) I would ask them at http://www.websitepublisher.net/ The site is run by a lawyer that gives general legal advice on website usage. I want to add that it has been a few years since I have been to his site. The question I asked was on the legality of using screenshots on my site for reviews and also how much a script can be modified before I can claim it as my own script.

The answer is that yes, I can use screenshots for reviews or galleries if I want. Second, a script needs to be altered 100% before I can claim ownership of a script.

**djr33** · 09-26-2012, 03:42 AM

Dealing with credit cards is something very serious that shouldn't be done unless you know what you're doing. I suggest looking into something like paypal integration instead.

Sorry, but that's just my opinion here-- if you have to ask, then you shouldn't be doing this. (I also wouldn't even attempt to make my own custom credit card forms.)

The only real advice I can give you is to definitely use HTTPS, and look for an existing online store solution that is reliable and trustworthy, even if you have to pay something for it.

**traq** · 09-26-2012, 04:30 AM

I second (*very strongly*) Daniel's answer: If you have to ask, you shouldn't be doing it.

I've been doing websites and apps for a while now, and I consider myself fairly competent. I know enough to get a credit card processing script working, but I won't do it. There's too much liability involved. Fortunately, there is a far better solution: use an existing payment processing service (e.g., paypal).

This transfers the responsibility (and therefore, much of the liability) to a company that is fully dedicated to it and has the necessary resources to address the security issues. Also, users are more likely to buy something from your site via PayPal than trust you with their CC number.

And rightly so.

**bernie1227** · 09-26-2012, 07:54 AM

I agree with traq, basically, if you need to ask with security, it'd be better of to just use a PayPal plugin of some sort.

**djr33** · 09-26-2012, 03:56 PM

The other thing to add here is that this is usually something done by security professionals, such as bank employees, and there's usually a team consisting of security experts, expert programmers, etc. This isn't the sort of thing that someone just does for their own website, because that's a bad idea.

If you're interested in it for the theory, then I'd suggest two things:
1) Just play with it. Do not us real credit card information. Then only after you understand it fully, should you try to use it on a real site. At that point you can do it without asking any questions, meaning you know enough. And you should still be very careful of course.
2) This is a situation where I think you should read a book. There are books out there about security (along with things like various programming languages and databases), and this requires a lot more background knowledge than just making a page work or not work on the surface-- the theory of security will be relevant for you.

**bernie1227** · 09-26-2012, 08:29 PM

I'd have a look here for more information on getting paypal on your website (it's highly secure, and easy to install)

**Beverleyh** · 09-26-2012, 09:14 PM

Definitely look to a 3rd party - for a relatively small number of items, PayPal add-to-cart or Buy/Pay Now buttons are very easy to setup. (PayPal's manual invoicing system is very useful for rectifying discrepancies to). For more complex purchasing systems/ shopping carts, try OSCommerce or CubeCart with PayPal integration.

Alternatively you could use Amazon payments (although their terms say they're only for fixed-price goods setups rather than services) or you could try the newer Google payment system which looks like it offers much of what PayPal does, except the website info is much more convoluted. PayPal, IMO, is much easier to understand plus more popular than Amazon and Google so I think visitors are more likely to use it.

Good luck with your choice.

**djr33** · 09-26-2012, 11:24 PM

Right. Paypal takes a percentage of the money (the others do too, right?), but it's widely known and trusted so it's probably worth it; secondly, many people already have accounts so it's fast and easy for them. I know that if someone ends up too complicated for me I just give up.
And I'm always happy when a website has paypal. A good example is American Airlines. Most airlines have their own complicated billing system, AA included. But then they also offer Paypal as an option and it makes things so much easier.

**traq** · 09-27-2012, 01:16 AM

~amazon payments: I've dealt with them (via kickstarter), and everything went fine - however, I later tried to use it for a dozen or so follow-up transactions, and it was a complete mess. I couldn't get any payment requests to go through, the other parties couldn't pay me directly, and no one (including Amazon customer service) could offer a specific, rational explanation as to what wasn't working or how to solve it. Their API, as far as I can tell, doesn't come close to competing with PayPal's either.

Speaking of PayPal's API, it really is quite fully-featured. If you understand it well enough, you can manage just about any kind of transaction you might need to. It's even possible to write your own "Buy Now" buttons dynamically and verify payments/amounts/etc. automatically.