My web site is hosted by a server at my ISP.

As the server would not be secure, I will have to find a 3rd party to process credit cards.

It seems that ALL processing would have to be done at the 3rd party's site, with transaction results returned to me somehow.

Of course, a shopping cart would also be convevient and, I guess processed at the 3rd party's site.

Looking at info for PayPal, it seems that PayPal might offer these capabilities, and I could download the transactions to my PC to pracess any way I wish.

I might even be able to use PayPal's API to rub programs frm my PC to download info from PayPal.

Is the above correct?
Are there better alternatives?

You would want to do all the cart processing at PayPal. And whatever you do, don't download people's credit card numbers to your personal machine. If someone breaks into your house or hacks your PC, guess who's liable for those numbers? Let those with the experience, resources and machines secured do the heavy weight lifting for you.

PayPal will redirect the user to their site (very secure) to a page that you can customize to look similar to your other pages. You set up an account with them so they know where to deposit your money. The good part is they handle all of the security issues. Of course there are many other options out there too, but PayPal is relatively inexpensive and very easy to set up.
Unless you have a very secure server and your own security certificate, you probably don’t want anything on your own machine. And if I were a potential customer, those are things I would expect from you before giving you my critical credit card info.

if you use a shopping cart app like ZenCart it will use the paypal api to track the payment process from your paypal account.

I've had many successful comments from my clients who have used this exact setup.

My problem with PayPal is where does the line get drawn.

Since I have no control over the server my ISP uses to host my web site, I sure am not going to do credit card processing at my end.

But, I am confused about a few things.

For example:

1. It is my understanding that I would need a certificate to encrypt buttons.
Do I place the certificate on my ISP's unsecure server, or does the certificate get placed on PayPal's servers?

2. From what I have read so far, if custom fields are used, then PayPal will not encrypt the buttons. Iz that so?

3. I purchased 3 PayPal books: PayPal for Dummies, PayPay Hacks, and Pro PayPal E-Commerce.

I just started reading the Pro PayPal E-Commerce, and it is clear that a number of things have changed since the other 2 books were published. For example, there is now a PayFlow Gateway, whatever that is (have not yet read that part of the book).

4. One issue that I do not yet understand is how to use the PayPal provided shopping cart, i.e., where do I put the "database" of items to be sold?

5. Also, can I just use VB 6 or VB/C# in .NET to read stuff at PayPal's web site to create reports on my own PC? Or do I have to download everything as, say, 1 or more CSV files and process as desired on my PC?

1. It is my understanding that I would need a certificate to encrypt buttons.
Do I place the certificate on my ISP's unsecure server, or does the certificate get placed on PayPal's servers?

You're not encrypting the buttons...you're encrypting the transmission of data from one point of entry to the other. In other words, from your website to PayPal's payment gateway. As far as the certificate, if I understand the question right, it'll be on PayPal's side completely.


2. From what I have read so far, if custom fields are used, then PayPal will not encrypt the buttons. Iz that so?

I don't know why you're worried about encrypting buttons?

4. One issue that I do not yet understand is how to use the PayPal provided shopping cart, i.e., where do I put the "database" of items to be sold?

Last time I used it, you simply added products via a store you created and then they gave you code to use on your website. Once people click the "AddtoCart" button, you went directly to PayPal.

5. Also, can I just use VB 6 or VB/C# in .NET to read stuff at PayPal's web site to create reports on my own PC? Or do I have to download everything as, say, 1 or more CSV files and process as desired on my PC?

I don't know why you couldn't, but I don't know how you interface with their API's. Haven't dealt much with PayPal. Maybe someone else knows.

You're not encrypting the buttons...you're encrypting the transmission of data from one point of entry to the other. In other words, from your website to PayPal's payment gateway. As far as the certificate, if I understand the question right, it'll be on PayPal's side completely.

The buttons need to be encryted so the HYMLcannot be copied and changed.

According to the Pro PayPal E-Commerce book, we can create our own certificates using, say,OpenSSL, but the appropriate certificate has to be uploaded to PayPal.



I don't know why you're worried about encrypting buttons?

See supra.


Last time I used it, you simply added products via a store you created and then they gave you code to use on your website. Once people click the "AddtoCart" button, you went directly to PayPal.

Yes, code has to be encrypted.

I've been using Paypal for years on my site and have never had an issue with them. When you make your buttons (theirs or yours) you have a choice to encrypt or not before you get the codes to add to your site.

boyko

I've been using Paypal for years on my site and have never had an issue with them. When you make your buttons (theirs or yours) you have a choice to encrypt or not before you get the codes to add to your site.

boyko

I'm leaning towards PayPal if only because I can more easily find out what I need to do,

In particular, the customer will have to send me registration info.
The info will be in a file created by the installed program.

I can automatically process the file and send back an email with the registration key.

Of course, I will need to download the transactions to verify that the customer has paid. It is my understanding that I can download CSV files from PayPal, and I can store the transaction info in a database. I will not store credit card info.

I think some important issues to address are:

1. How many transactions to anticipate on making daily/weekly/monthly.
2. How many products/services your will be selling.
3. Tax information (lots of things to consider with this)

These criteria can determine your approach to e-commerce. Obtaining a merchant account would be a great idea if you are expecting a decent amount of credit card transactions. It will cost you money up front, but the company that you work with will provide you with many options for setting up your payment methods.

When I consider purchasing products online, I am deterred by websites that use paypal. The first reason is that I feel that if they are a legitimate business that they would take the necessary measures to properly configure their credit card processing and not use a service such as paypal. I also know first hand that paypal can and will be exploited, especially in situations such as this where improper security measures may be overlooked. Making your customers feel secure is the first step in acheiving their business.

My 2 cents.

I think some important issues to address are:

1. How many transactions to anticipate on making daily/weekly/monthly.
2. How many products/services your will be selling.
3. Tax information (lots of things to consider with this)

These criteria can determine your approach to e-commerce. Obtaining a merchant account would be a great idea if you are expecting a decent amount of credit card transactions. It will cost you money up front, but the company that you work with will provide you with many options for setting up your payment methods.

When I consider purchasing products online, I am deterred by websites that use paypal. The first reason is that I feel that if they are a legitimate business that they would take the necessary measures to properly configure their credit card processing and not use a service such as paypal. I also know first hand that paypal can and will be exploited, especially in situations such as this where improper security measures may be overlooked. Making your customers feel secure is the first step in acheiving their business.

My 2 cents.

yes, but Paypal has a seemingly increasing share of the payments business, a number of sites include PayPal as an option even if they take creadit cards via another merchant card processor.

Another obstacle is the difficulty in finding out what is offered elsewhere.

In adition, the product I will be first announcing has the potention for very few or a huge number of buyers. I do not want to get locked into a contract with monthly fees, and cancellation penalties.

I've been using Paypal for years on my site and have never had an issue with them. When you make your buttons (theirs or yours) you have a choice to encrypt or not before you get the codes to add to your site.

boyko

My concern with PayPal is the ease, and frequency, of getting money out into a bank account.

If you write your own shopping cart I think you can just use Paypal's Express Checkout.

If you write your own shopping cart I think you can just use Paypal's Express Checkout.

I do not understand how this addresses my concern about getting money out.

You've asked quite a few questions in this thread - I was just trying to be generally helpful...........