I am in the beginning stages of site design for an e-commerce site. The merchant account and the SSL will be taken care of. Part of the requirement for the merchant account is an 'SSL approved shopping cart' or something like that. This site however, is not a typical store with a bunch of products. It will sell one product and that's it - it seems like a shopping cart is an overkill. I wonder, is there a way to go around this shopping cart? All the order page will need to do is grab the quantity and the address along with the CC info and send that via a secure connection on to wherever it goes.
My understanding is that SSL shopping carts make the SSL integration simple and straight forward. How difficult is it to code in that aspect myself, given that all other pieces are in place, like the SSL certificate, merchant account, gateway, etc.
Thanks in advance!
SSL is a server configuration thing, once it's enabled that's it. None of your code has to change unless you hard coded links to http:// addresses.
Perhaps you were reading "PCI DSS approved" or something like that? The website needs to meet the payment card industry security standards mandated by the card issuers. That goes far beyond using encryption, and any non-hosted shopping cart claiming to make you compliant is just feeding you marketing baloney, as the requirements aren't about just what software you choose.
Thank you, Dan, for the reply!
I guess that is what I am wondering about - I am not sure what the requirements are for compliance, and I am hoping to circumvent the whole shopping cart by doing something myself...though if this depends on the company that sets up the merchant account, then I guess they would have to answer that question. ??
The requirements involve everything from the website front end to all the systems that may touch cardholder data (even transiently), to system configuration and administration, to business policies. Accepting credit cards imposes requirements on how a business operates and how it runs its computer infrastructure. That means the business owners, server administrators and website developers all need to be involved to create a compliant environment.
Thank you, Dan!!
I will chat with the merchant account folks...
Pick a processing company that will accept an XML document from you over HTTPS. HSBC comes to mind.
If you only sell one product the only thing you need to do is sign up for a free paypal account and then generate a paypal buy now button and put up the html code for it on your sites sales page. No need for SSL or other stuff for this since paypal already uses SSL to protect their payment page. With this I assume your product is physical and not a downloadable file. If it is a downloadable file I have a minisite software you might want to check out.
Thank you for the post. I am aware of PayPal and do have them integrated into some of the websites that I have worked on. In this case, however, PayPal is not the ideal choice because it is not the most professional way of handling client payments from the user experience point of view.
Cheers, for the info, I was about to ask the same thing.
You may still want to offer Paypal as an option as there are lots of web users who will not make online payments any other way.