Hi all,

Ok, firstly I'm a novice, so what I'm about to ask may be silly nonsense, but here goes:

I wish to accept credit card payments for my web site but I don't want to use one of those companies that do it all for you for a fee. I would ideally like to set one up myself. So I was wondering if SQL Server (or some other DBMS) has some kind of object that you can use to accept credit card payments? If this is gibberish, could someone please tell me how it works then?

Any help is really appreciated.

Thanks
Mike

No matter how you do it there will be a fee for the credit card, either by a payment service providor and or the merchant account.

www.protx.com is the cheapest PSP I have found, but the banks then add their bit.

Good luck

You might be interested in a book extract Webreference has on shopping carts, found here:

http://www.webreference.com/programming/carts/

I would be *very* careful designing a system to accept credit card payments yourself though, because if it is insecure (no offense intened) you could be seriously liable for credit card fraud. In most countries distance selling laws protect the customer at the expense of the vendor.

Adam

Thanks for the help, and the warning guys. Now I'm wondering, if I do use a thrid party, rather than do it myself, and their service is insecure and the credit card details are accessed, then whose liable me or the company I used?

Ok first of all if your credit card numbers you hold are not secure then your are in breach of the Data protection act.
If you do not want to use a 3rd party company for processing thet there is a way you can do it. I would persume you have some other means of processing the credit card details, maybe through a credit card machine in a shop.
What you would need to do is collect the credit card details from your site and store in a database. This must be done from within a SSL. Using some ASP script you can verify only that the credit card number can possibly be a credit card number of some sort. You can't however verify that it is valid or not stolen or than the money is in the account to pay for the goods.
Other than that use 3rd party.

I believe (though I'm no lawyer), that if a third party stored credit card numbers on your behalf and their database was insecure, they would be liable, as they are failing to secure the data.

As long as they agree as part of their terms of service to store this data and state they are responsible for securing it, that is - if, say, you created an account with a free database provider and stored credit card numbers without their knowledge, they probably wouldn't be liable.

I would recommend using a third party to handle e-commerce, and manage credit card transactions - it's too risky doing it yourself.

Adam