I have experience of working with WorldPay's "Select Junior" account. That works well, and can be set up to be acceptable secure something like this: configure the WP account to invoke a callback CGI script on your own server on completion, and configure a password for it to supply; when invoked, check that a) you were invoked via https; b) the password has been supplied correctly; then c) look up the order reference supplied, d) check that the currency and amount tally with what you expected, and e) that the transaction was successful.
I recently started looking at the PayPal offerings, and it looks as if the mechanisms they provide are similar enough to offer the same degree of security for a similar amount of development effort.
I also looked at another option, the "Protx Form kit". Unfortunately I wasn't able to see a way to use this securely, and when I spoke to their developers they agreed with my analysis of the vulnerabilities, but did not offer any hope that they might be fixed. (The company also offers a "Server kit", but it's Windows only so I didn't evaluate it.)
Hugo
In reply to Re: OT: Third Party Credit Card Processors
by hv
in thread OT: Third Party Credit Card Processors
by Anonymous Monk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |