Processing Credit Card Payments
There are three ways to process credit card payments for an online store.
- Real-time payment gateway
- Non-real-time payment processor
- Capture the order then process the order transaction offline
Before going further, it's important to note that there is quite a bit of risk involved in using the third method. Any time you come into contact with someone’s credit card data you are assuming responsibility for that information even if it is over the phone to complete an order in-house. If the customer's credit data gets stolen or compromised by an employee you are exposed to possible legal action. For this reason Cartweaver 4 NEVER stores credit cart data, and neither should the merchant. If you are completing order transactions in-house it is recommended you put in place a billing or PO system of some sorts. If you are going to be taking credit card data, it is highly recommended that you let the cart hand this off to a payment gateway and be done with it.
Gateway or Processor
Your choice of payment methods and vendor are set in the Cartweaver Setup server behavior. Here you designate which method you will be using, Gateway or Payment Processor, and the vendor you will be using. The vendors currently available for Cartweaver are; Gateways – Authorize.Net (AIM) and PayPal Payflow Pro; Payment Processors – PayPal and WorldPay Select Junior.
How Real-Time Gateways Work
Gateways process credit card transactions in-line. As an order is processed, Cartweaver sends the credit card details to the gateway. While the gateway verifies the credit card transaction, Cartweaver waits for a response. After the gateway responds Cartweaver continues processing the rest of the order based on the result of the credit card transaction. If a transaction fails for whatever reason (bad card number, incorrect expiration date, etc.), then an error is displayed to the user and they are given the opportunity to enter new credit card information. If the transaction is successful, then the order is immediately written to the database.
For real-time gateways, although Cartweaver 4 supports a number of them, and with more being added as time goes on, our recommended gateway provider is Authorize.Net
How Non-Real-Time Payment Processors Work
Payment processors process the transaction in a completely separate space from the application. The page code, including gateway code, is processed all at once. The parameters are passed to the gateway either via FORM submittal or HTTP Post and the order is written to the database without regard to what happens at the payment processor.
With non-real-time processors, the data must be written to the database and marked as pending. Some payment processors (such as PayPal and WorldPay) can send a response to your application after the payment has cleared through a call back or post in order to automatically mark an order as paid. If your payment processor does not support this method, then orders must be manually marked as paid after receiving the transaction results from the payment processor via email.
For Payment Processors, our recommended provider is PayPal