Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hey All,

I'm going to be using a third party to handle credit card and member subscriptions. I was just wondering, since I'm working with Perl, what would be the best to choose from? I only tried PayPal and integrating their validation scripts with your own is not too rough, but I was wondering if there are better ones than PayPal and integration to be just as good? Anyone have any experiences of doing this?

Darion

Replies are listed 'Best First'.
Re: OT: Third Party Credit Card Processors
by hv (Prior) on Aug 12, 2005 at 08:45 UTC

    I have experience of working with WorldPay's "Select Junior" account. That works well, and can be set up to be acceptably secure, something like this: configure the WP account to invoke a callback CGI script on your own server on completion, and configure a password for it to supply; when invoked, check that a) you were invoked via https; b) the password has been supplied correctly; then c) look up the order reference supplied, d) check that the currency and amount tally with what you expected, and e) that the transaction was successful.

    I recently started looking at the PayPal offerings, and it looks as if the mechanisms they provide are similar enough to offer the same degree of security for a similar amount of development effort.

    I also looked at another option, the "Protx Form kit". Unfortunately I wasn't able to see a way to use this securely, and when I spoke to their developers they agreed with my analysis of the vulnerabilities, but did not offer any hope that they might be fixed. (The company also offers a "Server kit", but it's Windows only so I didn't evaluate it.)

    Hugo
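
The callback checks a) to e) listed in the reply above, sketched in Perl as an added example that is not part of the original thread and not WorldPay's code. The field names (`password`, `order_ref`, `currency`, `amount`, `status`), the `Y` success value and the in-memory order table are assumptions for illustration; the duplicate-callback check is an extra beyond the listed steps.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use 5.010;

# Constructed order store: what we expect to be paid, keyed by order reference.
my %ORDERS = ('ORD-1001' => { currency => 'GBP', amount => '19.99', paid => 0 });

# Compare secrets without stopping at the first differing byte.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns (1, 'ok') or (0, reason). All parameter names are hypothetical.
sub verify_callback {
    my ($env, $p, $secret) = @_;
    return (0, 'not https')    unless lc($env->{HTTPS} // '') eq 'on';    # a) https only
    return (0, 'bad password') unless secure_eq($p->{password}, $secret); # b) shared password
    my $order = $ORDERS{ $p->{order_ref} // '' }
        or return (0, 'unknown order');                                    # c) order lookup
    return (0, 'already paid') if $order->{paid};      # extra: reject a repeated callback
    return (0, 'currency mismatch')
        unless ($p->{currency} // '') eq $order->{currency};               # d) currency
    return (0, 'amount mismatch')
        unless ($p->{amount} // '') =~ /^\d+(?:\.\d{1,2})?$/
            && sprintf('%.2f', $p->{amount}) eq $order->{amount};          # d) amount
    return (0, 'not successful') unless ($p->{status} // '') eq 'Y';       # e) outcome
    $order->{paid} = 1;    # mark the order paid only after every check has passed
    return (1, 'ok');
}

# Constructed callbacks: one with a tampered amount, then the genuine one.
my %good = (password => 's3cret-constructed', order_ref => 'ORD-1001',
            currency => 'GBP', amount => '19.99', status => 'Y');
for my $case (['tampered', { %good, amount => '0.01' }], ['genuine', \%good]) {
    my ($ok, $why) = verify_callback({ HTTPS => 'on' }, $case->[1], 's3cret-constructed');
    printf "%-8s -> %s (%s)\n", $case->[0], $ok ? 'accept' : 'reject', $why;
}
```

In a real CGI script the first argument would be `\%ENV` and the second the parsed request parameters, with the order table replaced by a database lookup.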

Re: OT: Third Party Credit Card Processors
by perrin (Chancellor) on Aug 12, 2005 at 14:17 UTC
Re: OT: Third Party Credit Card Processors
by saberworks (Curate) on Aug 12, 2005 at 15:25 UTC
    We had a system that supported both PayPal and Authorize.net (Authorize.net was through Business::OnlinePayment). The Authorize.net stuff was easy to implement, and when their server went down, the scripts would error out correctly. The problem with PayPal was that we would send off a request to their server to charge a card, and their server would never ping back that the card was charged. So people were being charged, but we had no record of it. It was a really bad system and I was happy when we were finally authorized to get rid of the PayPal component.