[lug] Letting folks pay from the web.

Bear Giles bgiles at coyotesong.com
Mon Feb 1 09:24:12 MST 2010 

CVV is one of the things that you absolutely cannot keep
post-authorization.  Not in any form.  I don't think any of us need to worry
about the 'stripe data' on the card itself.

Bear



On Mon, Feb 1, 2010 at 9:09 AM, Rob Nagler <nagler at bivio.biz> wrote:

> On 2/1/10, Jonathan Corbet <corbet-bldrlug at lwn.net> wrote:
> > PayPal is pretty easy to set up and deal with, for the most part.
>
> Agreed.  We use it for freiker.org.  I agree it is hard to get money out
> of people when you use it, then again, it's hard to get money out of
> people to donate to freiker.org. :)  You can see the code here:
>
> http://www.freiker.org/tech/wiki/Software
>
> >  of history.  We're using Wells Fargo; they seem expensive but it all
> >  just works, which we value.
>
> We use Wells Fargo and have used Vectra and our customers use a
> couple of others, which I don't know.  AFAIK, they don't have any problems.
>
> One thing is that you need to be careful when setting up the merchant
> account that they hook it up to the right processor.  The banks don't
> understand
> this Internat-thang, and think that everybody uses a swipe machine.  They
> will send you decals, which I give to my kids, but I guess you could put
> them
> on your computers. :)   I didn't manage the process once and they did this
> whole training with my bookkeeper and before I knew it she had spent hours
> going through stuff she didn't need to know.  We just generate the
> QuickBooks
> files for her, and she imports them once a month.  They had also hooked us
> up to the wrong processor, because that's the one they "prefer" (i.e. get
> the
> most money for).
>
> > On the gateway side I recommend
> >  TrustCommerce;
>
> We have used authorize.net for about 10 years.  We have had no problems.
> Our code dealing with authorize.net is here:
>
> http://www.bivio.biz/f/bOP/lib/Bivio/Biz/Action/ECCreditCardProcessor.pm
>
> We almost never have to talk with them.
>
> Another tip: don't store CVV or even ask for it.  You get a "discount" on
> your
> "discount rate" if you do, but we've never had a fraud situation, and even
> if
> we did, it would be for, say, $100.  It's unlikely for your
> application that you
> need anything more than a zip code and email.  We don't ask for a phone
> either.  The less you have in your db the better.
>
> Rob
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20100201/fe8fa17c/attachment.html>

More information about the LUG mailing list