Posted - January 11 2005 : 03:48:22
| I personally haven't found a high-level overview for this kind of thing, but here's my views, which other people will probably be happy to add to to help fill in the gaps.....
There are 2 main types of "gateways":
1) Enter details remotely
After the customer has entered their name/address/order on your site, they press the [make payment] button and then get sent to the gateway site (eg paypal, protx, worldpay etc) to enter their card details. As a merchant, you never see/know their card details, all you get as a merchant is the status of whether the transaction succeeded or not and how stringent the checks were, and how much the amount was for etc. When the customer finishes their payment they'll then get sent back to your site (to "shopthanks.asp") and the status of the transaction that the gateway has given you will be flagged on the order, so you can tell if it's been succesful or not and they'll get redirected appropriately (ie to "payment failed" or "success; here's your order-slip" pages)
On some gateways you can customise the payment page on the gateway (eg adding your logo/text etc) - protx is good for this as they allow extensive customisation.
2) Enter Details Locally
Your customers enter their card details directly on your site and you then pass them across with SSL to the gateway and retrieve the status dynamically without visibly diverting them.
Here are some personal views (and they are just personal views; they're open to debate!) -
If you're a well known big business then most people will expect you to capture/process their card details on your own site and people will accept/prefer that, in which case option (2) would be used.
If you're not a well known business then most people will expect you to NOT capture/process their card details on your site, and they will generally prefer/trust a diversion to a well-known gateway as gateways are known to have good protection/security, in which case option (1) would be used.
You'd need to put your customer hat on, and consider 2 points:
1) Do I trust this site to have implemented SSL properly across all pages that hold/show card details so that it's truly secure? Do I trust that their database is secure ? Is their internal admin secure ?
2) Do I trust this company with my card details, or would I prefer to give my card details to a 3rd-party gateway instead just to be sure ?
Whenever I order stuff online from smallish businesses, I always breath a sigh of relief when I get sent to a gateway that I know/trust rather than entering my details on their site, and I think a lot of customers will also feel like that (especially people who order online a lot)
Web Design, Online Marketing and VPASP addons
Edited by - devshb on January 11 2005 03:56:47