Posted by Robert G Laurin on February 02, 2008 at 07:20:13:
In Reply to: Credit Card Processing posted by Mike Saunders on February 01, 2008 at 10:15:10:
I've been doing batch CreditCard and Pre-authorized Payment (Autopay) processing for 15 years now.
Things evolved a bit since that time, gone are the dial-up line.
Been dealing with ChasePaymentech, BankOne, BellGlobal (formally Transact-TDSI), E-xact, ScotiaDirect and PaymentSolutions (UK).
All require a batch transaction file to be generated, some with headers and/or footers. Some use PGP encryption. Transmission is done thru FTP or Secure FTP (SFTP) and nearly all validates the IP address for added security.
Implementation is fairly simple and using a scriptable FTP makes the whole process so much easier.
We have not implemented a single transaction system (real-time). Everything is batch. Whenever we need a single Internet transaction we use a secure server hosted by our ISP (his problem, not ours).
BEWARE: There are new security rules that must be applied for CreditCard processing, it is a big chanlenge to meet all the criterial. The rules are called PCI Compliance. Credit cards need to be stored encrypted (the Comet encryption does not meet the requirement) and the security code can NEVER be stored nor printed.
Good luck !
Each file can be a maximum of 1MB in length Uploaded files will be purged from the server on a regular basis.