I’ve been doing web development for a bit over 5 years now, and still I find the whole concept of e-commerce a little hard to grasp. Money always complicated things ;) I’ve never actually worked on a site that required payment processing, but now that I’m doing more and more freelance work it’s starting to come up and I’d like to be confident about it. I’m also working on an unannounced, top-secret (hehe), personal project at the moment that I’d like to wrap up by April and it will be making heavy use of credit card transactions. This project is my primary reason for wanting to really get into this stuff.
I was thinking that it might be interesting to track my own experiences in this area through a series of blog posts. Hopefully it’ll help other people. Keep in mind that I’m by no means an expert, and I really have no idea where this series of posts is going to go.
So let’s start at the beginning. I’ve got a few clients who are looking to enable online payment via their websites, and my own site will also need this ability. I’ve looked at this scenario from a few angles already, and if you’re in a situation where you need to build an online store of some sort, I suggest looking at an out-of-the-box shopping cart application like Cubecart, Zencart or osCommerce. These packages have built-in support for several popular payment processor services and are relatively easy to customize. I’m not going to recommend any particular app because although I’ve briefly tested them I’ve never built and launched a site using a shopping cart package.
If you find that none of those solutions will work for you then you’ll more than likely have to build support for your chosen processor right into your site itself. This is the spot that I’m at right now and I can tell you that at this point it seems like a pretty daunting task. I figured I’d start by looking at possible processors. I’m a technical guy, so my initial concern was what kind of API I’d have to implement. Another thing that was a concern for me was the fact that I’m Canadian and require a processor that makes doing business in Canada easy.
The first solution I looked at was Paypal’s Website Payments Pro. This was attractive for a few reasons:
- No setup fee
- Low monthly charge ($35.00 CAD)
- I already had a Paypal account, and no direct merchant account is required
For the real beginners, a merchant account is a special type of bank account that you need in order to accept credit card payments. This is true for a brick and mortar merchant as well as an online retailer or service provider. The basic idea here is that the credit card company deposits payments into your merchant account and then after a certain holding period that money is transferred into your actual personal/business bank account. Getting a merchant account can be a pain in the ass and/or expensive, so not having to do this directly is a big help.
I downloaded Paypal’s API and started taking a look at it, and my first order of business was to run some test transactions. This was where I hit my first roadblock with Paypal. Their website essentially sucks and it’s incredibly hard to find the information you need. Also, Paypal’s “sandbox” site is a nightmare. It’s basically a fake version of Paypal which is used for testing purposes. I spent about 2 days trying to get my test account working to no avail. The documentation provided seemed decent at first, until I realized that it describes several things which appear to be completely out of date or otherwise inapplicable. I tried their developer forums for some answers and though I found someone who seemed to be willing to help, I still couldn’t get it working and that person wasn’t an official Paypal representative, so there wasn’t much they could do.
End result: I more than likely won’t be using Paypal for this type of work in the future. Nothing but headaches. Not only that, but the Website Payments Pro product has some requirements that I wasn’t too happy about; most notable was the fact that you can only process Visa and Mastercard cards directly on your site and that you MUST include Paypal’s “Express Checkout” as a payment option. Regarding the latter, I’m not sure what Paypal’s definition of “express” is but it differs from mine in that their payment option actually increased the number of steps a potential customer would have to go through in order to complete their transaction. Not good.
After that experience, I decided that my best bet would be to not deal with the specific implementation of credit card processing yet. If you take anything away from this post, it should be this: abstract your payment processing code. I built some wrapper classes/functions that my site will use to work with credit cards. This way, I don’t really care what processor/API I’ll be using because in the end I’ll be able to drop that code into my wrapper class with minimal impact on the rest of my code. I might have to tweak certain things here and there, but right now I can go on building the rest of my site without worrying about these details. I had to make some assumptions regarding what kind of data I’d be using to interact with the processor, but I think it’s pretty standard and any changes I have to make once I decide will be relatively simple.
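A sketch of the kind of wrapper described above, as an added example and not the code from this project: the rest of the site calls only `PaymentGateway.charge()`, and a stand-in gateway fills the slot until a processor is chosen. Python and every name here (`PaymentGateway`, `FakeGateway`, `Card`, `ChargeResult`, `luhn_ok`) are assumptions; the card number in the usage line is a constructed test value.

```python
from abc import ABC, abstractmethod
from dataclasses import dataclass, field

def luhn_ok(pan: str) -> bool:
    """Card-number checksum; rejects typos before any processor is contacted."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

@dataclass(frozen=True)
class Card:
    number: str = field(repr=False)         # full PAN never appears in repr/logs
    exp_month: int
    exp_year: int
    cvv: str = field(repr=False)            # passed through, never stored

    def masked(self) -> str:
        return "*" * (len(self.number) - 4) + self.number[-4:]

@dataclass(frozen=True)
class ChargeResult:
    approved: bool
    reference: str                          # processor transaction id, safe to keep
    message: str

class PaymentGateway(ABC):
    """The only payment surface the rest of the site is allowed to call."""
    @abstractmethod
    def _submit(self, card: Card, amount_cents: int, currency: str) -> ChargeResult: ...

    def charge(self, card: Card, amount_cents: int, currency: str = "CAD") -> ChargeResult:
        if amount_cents <= 0:
            return ChargeResult(False, "", "invalid amount")
        if not luhn_ok(card.number):
            return ChargeResult(False, "", "invalid card number")
        return self._submit(card, amount_cents, currency)

class FakeGateway(PaymentGateway):
    """Constructed stand-in used until a real processor adapter exists."""
    def __init__(self):
        self.calls = 0

    def _submit(self, card, amount_cents, currency):
        self.calls += 1
        return ChargeResult(True, f"FAKE-{self.calls:06d}", f"approved {card.masked()}")
```

Swapping in a real processor later means writing one more subclass with its own `_submit`; callers such as `FakeGateway().charge(Card("4111111111111111", 12, 2030, "737"), 3500)` do not change.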
In the last few days I’ve been talking to someone from Merchant Accounts.ca who has been very helpful. They’re a Canadian company (which I’m happy about), and they offer a one-stop solution for merchant accounts/payment processing. Their rates are very competitive and they also have a reseller/partner program that I could benefit from when it comes to building e-commerce solutions for future clients. They have trial/test accounts that come with no obligation as well, so that’s a bonus. The only drawback is that they won’t give you test access to their direct processing API until you are PCI compliant. This basically means that I won’t be able to plan my implementation AT ALL until I’ve developed and documented certain specific policies for my business (i.e. red tape *groan*) and have my site fully functional and tested for vulnerabilities by a certified vendor of these sorts of services. Awesome. My next post will more than likely deal with this PCI business.