Do I have to go to a different site for payment?

[baritoneuk]

Hello.

I am going to have a go at making a shopping cart from scratch using php and mysql. I'd rather have complete control over the product.

I don't want to store credit card details on the database as this is not secure, and the same goes for emailing the details too.

I've looked at PayPal and WorldPay. PayPal seems much cheaper. However both require the customer going over to the paypal/worldpay (customised to make it look like it is still your shop) and fill in payment details.

What I would ideally like is for the customer to have an account with the shopping cart with address stored on there and a way for taking credit/debit cards without having to go to a 3rd party site. Is this possible?

[jestep]

Quote:

I am going to have a go at making a shopping cart from scratch using php and mysql. I'd rather have complete control over the product.

I don't want to store credit card details on the database as this is not secure, and the same goes for emailing the details too.

I've looked at PayPal and WorldPay. PayPal seems much cheaper. However both require the customer going over to the paypal/worldpay (customised to make it look like it is still your shop) and fill in payment details.

What I would ideally like is for the customer to have an account with the shopping cart with address stored on there and a way for taking credit/debit cards without having to go to a 3rd party site. Is this possible?

Best of luck with your shopping cart. My company resorted to exactly the same thing because of the same reasons.

The two systems that I know of, that will allow your customers to remain on your website are authorize.net AIM, and Verisign. Since you are in the UK, I'm not sure if you will be able to get setup with either of these systems. I think that Verisign may have the ability to use some offshore or international providers, but its very uncommon, so it may take some research to find a provider.

Other than these and possible a few others that I just cant think of, most payment gateways will require you to transfer your visitors to a 3rd party site. Its more of a security reason than anything else.

[nottheusual1]

It's based on the same tools you are going to use, a bunch of good works are already available, it has an enormous community, and it's esy to do your own hacks.

We are using it on about 10 stores with 3 more coming up next month.

Worth the look.

:not_the_usual1

[supernatural_247]

you can always just set it up to transmit the data to you in an email and then once you've punched in the card number on your terminal or on the company's website, delete the email...

[rondo]

Paypal has a new merchant account service which allows you to accept payment info without sending your customer to the paypal site.
Looks good.

[Corey Bryant]

Check out Website Payments Pro

Almost all payment gateways (Protx, LinkPoint, PSIGate, Verisign's Payflow, Authorizenet.com, etc) will provide an API to capture and process credit card data on your secure website.