FastEddie___

How to become a payment gateway.

Is it possible to become my own payment gateway? Like PayPal and Authorize.net?

I'm hosting secure servers and running ColdFusion on a Windows Server 2003 OS.

What would be the steps to perform such a task?
Ryan Smith

Can your server run PHP?

This software might be what you're looking for.

http://www.alstrasoft.com/epay_enterprise.htm
FastEddie___

ASKER

Thanks for the suggestion rorcalHelpDesk, but that's not what I'm looking for. I can program those features myself. I'm interested in the actual business process needed to become a payment gateway. What is actually needed?
giltjr
Technically, yes you could become a payment gateway.

The question is why would you?

Do you have redundant/clustered servers?

Do you have backup power?

Have you read PCI-DSS standards and do you believe you can meet them?

Are you ready to pay the price when (not IF, but WHEN) your system is compromised?
SOLUTION
neeraj523
This solution is only available to members.

Thank you so much for your responses.

@giltjr

The question is why would you?
Because I want to save money by not having to pay the PayPal or Authorize.net percentage on every transaction.

Do you have redundant/clustered servers?
No, but my application server has redundancy and clustering built into the framework. Moving to a clustered environment will not be a problem.

Do you have backup power?
My data center provides backup power.

Have you read PCI-DSS standards and do you believe you can meet them?
I have not read the PCI standards, but other institutions have met them, so it's not impossible.

Are you ready to pay the price when (not IF, but WHEN) your system is compromised?
I completely understand how important this is. I know I will be targeted but I can take measures against it.

 ---------------------------------------------------------------------------

@neeraj523
1. Hardware Infrastructure:
I have a rack at a datacenter with basic Dell servers. Not top of the line but suited for production applications. I currently have tape backup but will be replacing that with a hardware solution for CDP (continuous data protection).

2. Software development
No problem there.

3. Security:
I have SSL on the server and am aware of the security risks.

4. Processing payments:
This is where most of my ignorance lies and where I would like to gain any additional knowledge or resources. Any links or references would be most helpful.
I looked into setting up a merchant account with my bank "Amegy Bank" and was completely surprised by the fees they charge. It's more than PayPal or Authorize.net when taking everything into consideration.
That just blew me away. Surely there is some cost effective way of conducting eCommerce on your own behalf.

5. You have to setup charge back policy
This is something I have not thought about.

6. Setting up system to get merchants paid for the collections from their customers.
This seems to me like another relationship with banks but have no knowledge about it.


I'm a web developer and designer who is looking to create custom applications for small businesses.
Everyone wants to offer their product for sale on the internet and I want to be able to write the application, host their websites, and handle all eCommerce transactions for them. Possibly tying into their current billing system.
Then when everything is ready and secured I could offer payment processing services as a standalone product.
What I'm trying to understand is the best (least expensive) way to start setting all of this up.
Basically I would like to become a very small, very targeted PayPal or Authorize.net.
Any advice, reference material or suggestions are greatly appreciated.

True, it is not impossible to become PCI-DSS compliant.

However, you should start looking now.

Since you will be writing the gateway software yourself, you must meet the PCI-DSS Payment Application standards.

Since you are also going to be hosting the gateway/payment processing site, there is another standard you must meet: the "standard" PCI-DSS standards, for which there are multiple levels depending on how many transactions you plan to do.

And since you do not seem to control the data center, they may need to meet certain parts of the standard PCI-DSS standards.

It could also take a LONG time to become compliant. I know some places that have been working on becoming compliant for over two years.

It can be very expensive to get and stay compliant with just the standard PCI-DSS requirements, as in hundreds of thousands of dollars a year.

I have no clue what it takes to meet and stay up with PCI-DSS PA standards.
It would take at least a year to build a system.  This is something I would not recommend.  There are some great gateways (like Quantum) already built with fantastic features built in.
Plus you will need an acquiring bank to help you contact the transaction processors.  
What are you wanting to really accomplish?  For example, maybe a business to offer credit card processing?  If so, consider becoming a partner / reseller with an ISO / MSP - this will help you learn the business.  Once you learn the business, you will probably not want to build a gateway and leave that to the others.  For some ISO info, check out www.greensheet.com for some information.  You might also take a look at electronic payment gateways.
Well, the Quantum Gateway that I mentioned before does not charge a fee. There are a few links on my profile page as well as the other link for the payment gateways. You would need to be doing hundreds of thousands of transactions a month to justify the building of an electronic payment gateway.
^ but none of that will remove the percentage fees and per trx fees for merchant services and promotion/brand fees charged by the card brands or issuers.
With enough time and money anything is possible in the application development world.

Unfortunately I only have the former and not enough of the latter.

This has been a very informative inquiry. I hope you all are okay with splitting points.

Quantum sounds like a step in the right direction until the PCI compliance is finished and until I can better understand the dynamics with the banks and credit card companies.
Thanks to everyone for your responses. I truly appreciate it.



Thank you