How to become a payment gateway.

Is it possible to become my own payment gateway? Like PayPal and Authorize.net?

I'm hosting secure servers and running coldfusion on a windows server 2003 OS.

What would be the steps to perform such a task?
0
FastEddie___
Asked:
4 Solutions
 
Ryan Smith, Sr. Systems Engineer, Commented:
Can your server run PHP?

This software might be what you're looking for.

http://www.alstrasoft.com/epay_enterprise.htm
0
 
FastEddie___ (Author) Commented:
Thanks for the suggestion rorcalHelpDesk, but that's not what I'm looking for. I can program those features myself. I'm interested in the actual business process needed to become a payment gateway. What is actually needed?
0
 
giltjr Commented:
Technically, yes you could become a payment gateway.

The question is why would you?

Do you have redundant/clustered servers?

Do you have backup power?

Have you read PCI-DSS standards and do you believe you can meet them?

Are you ready to pay the price when (not IF, but WHEN) your system is compromised?
0

 
neeraj523 Commented:
Hello

Theoretically, yes, you can set up your own payment gateway. But you will need to follow complex steps to get ready to launch your service. A few steps which I can recollect immediately:

1. Hardware Infrastructure: You have to procure hardware resources to run your payment services. You will need high-end cluster servers with full backup support and contingency plans in place.
2. Software development: This is something I believe you can do yourself if you have a technical background. But your software should be well tested and bug free, since a small glitch can cost big money.
3. Security: Of course SSL will be the basic thing which can be used for secure communication. But there are many other aspects, like following PCI standards for handling payment information etc., which need to be addressed. Security of your hardware and software hacking is another thing which has to be addressed.
4. Processing payments: This is going to be the heart of your service, where you will have to tie up with various banks to use their payment processes to process payment requests. You will have to tie up with multiple payment processors to ensure continuity of service in case of a problem at one bank's server or routing lines.
5. You have to set up a chargeback policy in case the payer declines to pay for the transaction, or for fraud transactions.
6. Setting up a system to get merchants paid for the collections from their customers.

Above are a few points to start with. There may be many more which will come up on the way once you start in this direction.

All the best
0
 
FastEddie___ (Author) Commented:

Thank you so much for your responses.

@giltjr

The question is why would you?
Because I want to save money by not having to pay for PayPal or Authorize.net percentage on every transaction.

Do you have redundant/clustered servers?
No, but my application server has redundancy and clustering built into the framework. Moving to a clustered environment will not be a problem.

Do you have backup power?
My data center provides backup power.

Have you read PCI-DSS standards and do you believe you can meet them?
I have not read the PCI standards but other institutions have met them so it's not impossible.

Are you ready to pay the price when (not IF, but WHEN) your system is compromised?
I completely understand how important this is. I know I will be targeted but can take measures against it.

 ---------------------------------------------------------------------------

@neeraj523
1. Hardware Infrastructure:
I have a rack at a datacenter with basic dell servers. Not top of the line but suited for production applications. Currently have tape backup but will be replacing that with a hardware solution for CDP continuous data protection.

2. Software development
No problem there.

3. Security:
I have SSL on the server and am aware of the security risks.

4. Processing payments:
This is where most of my ignorance lies and where I would like to gain any additional knowledge or resources. Any links or references would be most helpful.
I looked into setting up a merchant account with my bank "Amegy Bank" and was completely surprised by the fees they charge. It's more than PayPal or Authorize.net when taking everything into consideration.
That just blew me away. Surely there is some cost effective way of conducting eCommerce on your own behalf.

5. You have to setup charge back policy
This is something I have not thought about.

6. Setting up system to get merchants paid for the collections from their customers.
This seems to me like another relationship with banks but have no knowledge about it.


I'm a web developer and designer who is looking to create custom applications for small businesses.
Everyone wants to offer their product for sale on the internet and I want to be able to write the application, host their websites, and handle all eCommerce transactions for them. Possibly tying into their current billing system.
Then when everything is ready and secured I could offer payment processing services as a stand alone product.
What I'm trying to understand is the best (least expensive) way to start setting all of this up.
Basically I would like to become a very small, very targeted PayPal or Authorize.net.
Any advice, reference material or suggestions are greatly appreciated.
 

 
0
 
giltjr Commented:
True, it is not impossible to become PCI-DSS compliant.

However, you should start looking now.

Since you will be writing the gateway software yourself, you must meet the PCI-DSS Payment Application standards.

Since you are also going to be hosting the gateway/payment processing site, there is another standard you must meet: the "standard" PCI-DSS standards, of which there are multiple levels depending on how many transactions you plan to do.

And since you do not seem to control the data center, they may need to meet certain parts of the standard PCI-DSS standards.

It could also take a LONG time to become compliant. I know some places that have been working on becoming compliant for over two years.

It can be very expensive to get and stay compliant with just the standard PCI-DSS requirements, as in hundreds of thousands of dollars a year.

I have no clue what it takes to meet and stay up with PCI-DSS PA standards.
0
 
coreybryant Commented:
It would take at least a year to build a system.  This is something I would not recommend.  There are some great gateways (like Quantum) already built with fantastic features built in.
Plus you will need an acquiring bank to help you contact the transaction processors.  
What are you wanting to really accomplish?  For example, maybe a business to offer credit card processing?  If so, consider becoming a partner / reseller with an ISO / MSP - this will help you learn the business.  Once you learn the business, you will probably not want to build a gateway and leave that to the others.  For some ISO info, check out www.greensheet.com for some information.  You might also take a look at electronic payment gateways.
0
 
coreybryant Commented:
Sorry, the link on the electronic payment gateways did not go through: http://www.mymerchantaccountblog.com/electronic-payment-gateways
0
 
aleghart Commented:
>>The question is why would you?
>Because I want to save money by not having to pay for PayPal or Authorize.net percentage on every transaction.

Gateway services don't charge percentages.  They charge monthly minimums, per-transaction fees, and batching fees.

Your percentage-based fees are to the merchant services provider.  There are per-transaction fees, percentage fees, as well as other fees for revenue/profit and recovery of promotional fees.

So....you're saying that you want to be a one-man merchant service provider?  Even your little bank would not take on that amount of work.

If you have no CC experience, and no reputation in the banking/finance industry, you would find it hard enough to just partner up with a merchant service provider, much less become one yourself.  The best you can hope for is to negotiate the lowest rates possible based upon very high volumes.

"I have a rack of Dell servers"...well, who doesn't?  ;)

There are some things that can be done in-house. Rolling your own bank just isn't one of them. Especially for the purposes of saving a fraction of a point in fees.
0
 
coreybryant Commented:
Well, the Quantum Gateway that I mentioned before does not charge a fee. There are a few links on my profile page as well as the other link for the payment gateways. You would need to be doing hundreds of thousands of transactions a month to justify the building of an electronic payment gateway.
0
 
aleghart Commented:
^ but none of that will remove the percentage fees and per trx fees for merchant services and promotion/brand fees charged by the card brands or issuers.
0
 
giltjr Commented:
To be a gateway you still need to set up agreements with the companies that actually do the processing of the transactions and you still need to make agreements with the credit card companies to allow you to do this.

Becoming a gateway is more than just writing a few lines of code and setting up a secure environment.
0
 
FastEddie___ (Author) Commented:
With enough time and money anything is possible in the application development world.

Unfortunately I only have the former and not enough of the latter.

This has been a very informative inquiry. I hope you all are okay with splitting points.

Quantum sounds like a step in the right direction until the PCI compliance is finished and until I can better understand the dynamics with the banks and credit card companies.
Thanks to everyone for your responses. I truly appreciate it.



0
 
FastEddie___ (Author) Commented:
Thank you
0
