-
E-Commerce
I never thought I'd be asking about this, but what are some good ways to get started with the e-commerce/shopping cart/credit card validation crap?
In lieu of getting a real job, my girlfriend and I have begun designing web pages. I'm the IS graduate, and she's finishing up her Graphic Design degree. Anyway, one of our new "clients" has asked about starting a web shop after we design their initial marketing site. I've mostly programmed in PHP, dabbled in Perl and ASP, and would like to learn ColdFusion, but I have no idea where to start with e-commerce bologna. ;) I haven't promised anything to them yet, because I want to make sure I can do it (get something up and running) before I take on that kind of responsibility.
I'm looking for some direction as to what are good ways to validate credit cards (PayPal?), what are the primary security concerns with doing something of this nature, and is one scripting language better suited than any of the others? Basically, if anyone else has any experience, what would you recommend?
-
Though I've never done it myself, I'd have to guess that utilizing PayPal's services for lower-budget sites is the best way to go. But if you'd rather go it yourself, there are a lot of costs that you might not be aware of:
1) An internet-enabled merchant account. Your client/organization will need to set one of these up with a respected bank. These typically charge a small fee per transaction, and also take a small percentage of all money received. They tend to also have some flat monthly fees for reporting, etc.
2) A processor/gateway. Companies such as VeriSign, Inc. offer payment processing services to allow your web site to validate credit cards in real-time, and transfer funds to your internet-enabled merchant account. (See VeriSign's PayFlowPro service, for example.) These types of services usually have a fairly high monthly fee.
3) An SSL certificate. Prices for these can vary greatly depending on who you order them through. Thawte and VeriSign are two of the better-respected trusted third parties.
4) Development/configuration time. The extra time that will be necessary to develop your shopping cart, test it, and configure your site to work with the above-mentioned services is a sizable cost.
Security concerns are another issue, as you're aware. One of the biggest is addressed by the SSL Certificate mentioned above. Installing, and enforcing the use of, the SSL Certificate on your web site when people are entering sensitive data is rather important. Additionally, you generally need to make sure your client has a well-written privacy policy to address privacy concerns people usually have when entering sensitive personal information. Lastly - you should *never* store the person's credit card number on your web site. Storing the last 4 digits of the account number is okay for reporting purposes, but other than that, it's best to avoid storing the full account number if at all possible.
As an added note, going back to items #1 and #2 above, it's important to understand that not all merchant accounts can "talk" to all payment processing gateways. The key factor is that your merchant account, and payment processing gateway must be configured to operate on the same "payment network." There are a number of payment networks out there. Some of the biggies are "First Data", "Vital", and "PaymentTech" just to name a few. VeriSign for example supports 7 major payment networks I believe. Most merchant banks support 1-3 payment networks. It's just something you need to be aware of when ordering / setting up these services.
That's about all of the input I can give you, unfortunately my experience with lower-budget shopping carts is rather limited, so I can usually only give advice on the "cadillac" solution so to speak. There are plenty of more cost-effective ways to go about this, and from what little I do know, I think PayPal's services would be an excellent place to start.
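An illustration of the "keep only the last 4 digits" advice in the post above, added here and not part of the original thread: a Python sketch that builds the order row a shop would persist and scrubs card numbers out of log text. All function names are hypothetical, the sample log line is constructed, and the Luhn check only catches typos; real validation still happens at the payment gateway.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: rejects mistyped numbers, proves nothing about the account."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(raw: str) -> str:
    """Storable form of a card number: everything but the last four digits masked."""
    digits = re.sub(r"\D", "", raw)
    return "*" * (len(digits) - 4) + digits[-4:]


def scrub(text: str) -> str:
    """Mask every Luhn-valid card number found in free text (logs, error mails)."""
    def _sub(match):
        digits = re.sub(r"\D", "", match.group(0))
        # Leave digit runs that fail Luhn alone (phone numbers, order ids).
        return mask_pan(digits) if luhn_valid(digits) else match.group(0)
    return PAN_CANDIDATE.sub(_sub, text)


def order_record(order_id: str, raw_pan: str) -> dict:
    """Row the shop's own database keeps; the full number never reaches it."""
    digits = re.sub(r"\D", "", raw_pan)
    if not (13 <= len(digits) <= 19 and luhn_valid(digits)):
        raise ValueError("card number failed format check")
    return {"order_id": order_id, "card_last4": digits[-4:]}


# Constructed sample; 4111111111111111 is a widely published test card number.
SAMPLE_LOG = "order=1001 card=4111 1111 1111 1111 phone=5551234567890 status=ok"

if __name__ == "__main__":
    print(scrub(SAMPLE_LOG))
    print(order_record("1001", "4111-1111-1111-1111"))
```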
-
Out of curiosity, what is the word on the new Yahoo! Shopping Carts? It seems like a lot of semi-respectable computer hardware dealers use them.
Much Thanks, as always, Grizzly. I think I'll start with configuring a shopping cart database and interface and go from there.
-
I've bought many times from pfuca and they use the Yahoo carts and they seem fine. You could also look at www.miva.com. We offer it at my work for customers and it's pretty nice.