topic Re: What method should I use? in Integration and Testing

What method should I use?

wrujadroph — Thu, 02 Feb 2012 11:50:27 GMT

Hi All

I am new to this area and I am not able to decide on what method I should use to integrate my website. (Server Integration

or AIM) . I would be grateful if some one can help me out? Here are my questions and requirements.

*Can we save customers credit card info with us? Can authorize.net do this for us(As it will be more secured then we saving it)?

* Do our customers need to create a authorize.net user account in order to pay? (Like in paypal)

*Does Authorize.net let is develop and test for free i.e. at the time of development we do not want to create a account. Once we are satisfied that this is what we are looking for then only we want to create a account.

* We need a fool proof system of payment notification.(Not email notification) Here are more details --

We will have our own user account management server that will maintain

user names/passwords and user data. Every user account will have an

associated expiration date and/or balance.

We want the authorization process to be automated: once the payment is

made, we want the service(Authorize.net) to notify us SECURELY that a payment has

been received for a particular user account.

Our server-side script can then update the expiration date and/or

balance for that user. The emphasis here is on "securely", because we

want to prevent fraudulent messages recharging someone's accounts for

free.

We may want to start with using the form provided by the service, but

the ability to just send the credit card information to be processed

is a plus. To minimize the liability, in case if we are hacked, it is

safer to use the payment form provided by the service. On the other

hand, if our database server fails (which it shouldn't), we probably

don't want people to be able to pay if we can't deliver the

service/update right away.

Relevant questions to be answered here are:

how will the confirmation messages be delivered to our server? and

what will happen if the confirmation messages are lost, e.g., if our

the server is down?

To minimize the liability, in case we lose any financial data, we

should not store credit card information ourselves. We should,

however, check if the service can optionally store credit card info

for us.

Also, is there any downside we go with a 3rd party provider(Listed on your website) rather than authorize.net directly.

Thank you very much.

Regards

Re: What method should I use?

stymiee — Thu, 02 Feb 2012 15:34:35 GMT

*Can we save customers credit card info with us? Can authorize.net do this for us(As it will be more secured then we saving it)?

That's exacly what CIM is for.

* Do our customers need to create a authorize.net user account in order to pay? (Like in paypal)

No.

*Does Authorize.net let is develop and test for free i.e. at the time of development we do not want to create a account. Once we are satisfied that this is what we are looking for then only we want to create a account.

No, you can use a developer account which is free and acts just like a live account but does not incur any costs. You can sign up for one here.

how will the confirmation messages be delivered to our server? and

what will happen if the confirmation messages are lost, e.g., if our

the server is down?

Depending on the APi you use for your payments you will be informed of a payment differently. One way to be informaed of payments that is univeral accross APIs is Silent Post. If your server is down when a Silent Post is sent you will need to manually update your own software that a payment has been made. But that obviously only applis if you depend on Silent Post for this and aren't updating automatically when the API itself makes the payment (CIM, AIM, etc) which is the norm.

Re: What method should I use?

TJPride — Thu, 02 Feb 2012 20:17:47 GMT

One additional note - you can use an automated process and the Transaction Details API to pick up any transactions that may be lost in transit, by just running through the recent transactions one at a time and updating your database if the data never made it there.