Solved

How to become a payment gateway.

Posted on 2010-09-23
Last Modified: 2013-11-29
Is it possible to become my own payment gateway? Like PayPal and Authorize.net?

I'm hosting secure servers and running ColdFusion on a Windows Server 2003 OS.

What would be the steps to perform such a task?
Question by:FastEddie___
15 Comments
 
LVL 6

Expert Comment

by:Ryan Smith
Can your server run PHP?

This software might be what you're looking for.

http://www.alstrasoft.com/epay_enterprise.htm
0
 

Author Comment

by:FastEddie___
Thanks for the suggestion rorcalHelpDesk, but that's not what I'm looking for. I can program those features myself. I'm interested in the actual business process needed to become a payment gateway. What is actually needed?
0
 
LVL 57

Expert Comment

by:giltjr
Technically, yes you could become a payment gateway.

The question is why would you?

Do you have redundant/clustered servers?

Do you have backup power?

Have you read PCI-DSS standards and do you believe you can meet them?

Are you ready to pay the price when (not IF, but WHEN) your system is compromised?
0
 
LVL 22

Assisted Solution

by:neeraj523
neeraj523 earned 125 total points
Hello

Theoretically, yes, you can set up your own payment gateway. But this will require following complex steps to get ready to launch your service. A few steps which I can recollect immediately:

1. Hardware Infrastructure: You have to procure hardware resources to run your payment services. You will need high-end clustered servers with full backup support and contingency plans in place.
2. Software development: This is something I believe you can do yourself if you have a technical background. But your software should be well tested and bug free, since a small glitch can cost big money.
3. Security: Of course SSL will be the basic thing used for secure communication. But there are many other aspects, like following PCI standards for handling payment information, which need to be addressed. Security of your hardware and software against hacking is another thing which has to be addressed.
4. Processing payments: This is going to be the heart of your service, where you will have to tie up with various banks to use their payment processes to process payment requests. You will have to tie up with multiple payment processors to ensure continuity of service in case of a problem at one bank's server or routing lines.
5. You have to set up a chargeback policy in case the payer declines to pay for the transaction, or for fraudulent transactions.
6. Setting up a system to get merchants paid for the collections from their customers.

Above are a few points to start with. There may be many more which will come up along the way once you start in this direction.

All the best
0
 

Author Comment

by:FastEddie___

Thank you so much for your responses.

@giltjr

The question is why would you?
Because I want to save money by not having to pay for PayPal or Authorize.net percentage on every transaction.

Do you have redundant/clustered servers?
No, but my application server has redundancy and clustering built into the framework. Moving to a clustered environment will not be a problem.

Do you have backup power?
My data center provides backup power.

Have you read PCI-DSS standards and do you believe you can meet them?
I have not read the PCI standards, but other institutions have met them so it's not impossible.

Are you ready to pay the price when (not IF, but WHEN) your system is compromised?
I completely understand how important this is. I know I will be targeted but can take measures against it.

 ---------------------------------------------------------------------------

@neeraj523
1. Hardware Infrastructure:
I have a rack at a datacenter with basic Dell servers. Not top of the line but suited for production applications. Currently have tape backup but will be replacing that with a hardware solution for CDP (continuous data protection).

2. Software development
No problem there.

3. Security:
I have SSL on the server and am aware of the security risks.

4. Processing payments:
This is where most of my ignorance lies and where I would like to gain any additional knowledge or resources. Any links or references would be most helpful.
I looked into setting up a merchant account with my bank "Amegy Bank" and was completely surprised by the fees they charge. It's more than PayPal or Authorize.net when taking everything into consideration.
That just blew me away. Surely there is some cost effective way of conducting eCommerce on your own behalf.

5. You have to setup charge back policy
This is something I have not thought about.

6. Setting up system to get merchants paid for the collections from their customers.
This seems to me like another relationship with banks but have no knowledge about it.


I'm a web developer and designer who is looking to create custom applications for small businesses.
Everyone wants to offer their product for sale on the internet and I want to be able to write the application, host their websites, and handle all eCommerce transactions for them. Possibly tying into their current billing system.
Then when everything is ready and secured I could offer payment processing services as a stand alone product.
What I'm trying to understand is the best (least expensive) way to start setting all of this up.
Basically I would like to become a very small, very targeted PayPal or Authorize.net.
Any advice, reference material or suggestions are greatly appreciated.
 

 
0
 
LVL 57

Expert Comment

by:giltjr
True it is not impossible to become PCI-DSS compliant.  

However, you should start looking now.

Since you will be writing the gateway software yourself, you must meet the PCI-DSS Payment Application standards.

Since you are also going to be hosting the gateway/payment processing site, there is another standard you must meet: the "standard" PCI-DSS standards, for which there are multiple levels depending on how many transactions you plan to do.

And since you do not seem to control the data center they may need to meet certain parts of the standard PCI-DSS standards.

It could also take a LONG time to become compliant. I know some places that have been working on becoming compliant for over two years.

It can be very expensive to get and stay compliant with just the standard PCI-DSS requirements, as in hundreds of thousands of dollars a year.

I have no clue what it takes to meet and stay up with PCI-DSS PA standards.
0
 
LVL 29

Expert Comment

by:coreybryant
It would take at least a year to build a system.  This is something I would not recommend.  There are some great gateways (like Quantum) already built with fantastic features built in.
Plus you will need an acquiring bank to help you contact the transaction processors.  
What are you wanting to really accomplish?  For example, maybe a business to offer credit card processing?  If so, consider becoming a partner / reseller with an ISO / MSP - this will help you learn the business.  Once you learn the business, you will probably not want to build a gateway and leave that to the others.  For some ISO info, check out www.greensheet.com for some information.  You might also take a look at electronic payment gateways.
0

 
LVL 29

Accepted Solution

by:
coreybryant earned 125 total points
Sorry, the link on the electronic payment gateways did not go through: http://www.mymerchantaccountblog.com/electronic-payment-gateways
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 125 total points
>>The question is why would you?
>Because I want to save money by not having to pay for PayPal or Authorize.net percentage on every transaction.

Gateway services don't charge percentages.  They charge monthly minimums, per-transaction fees, and batching fees.

Your percentage-based fees are to the merchant services provider.  There are per-transaction fees, percentage fees, as well as other fees for revenue/profit and recovery of promotional fees.

So....you're saying that you want to be a one-man merchant service provider?  Even your little bank would not take on that amount of work.

If you have no CC experience, and no reputation in the banking/finance industry, you would find it hard enough to just partner up with a merchant service provider, much less become one yourself.  The best you can hope for is to negotiate the lowest rates possible based upon very high volumes.

"I have a rack of Dell servers"...well, who doesn't?  ;)

There are some things that can be done in-house.  Rolling your own bank just isn't one of them.  Especially for the purposes of saving a fraction of a point in fees.
0
 
LVL 29

Expert Comment

by:coreybryant
Well the Quantum Gateway that I mentioned before does not charge a fee.  There are a few links on my profile page as well as the other link for the payment gateways.  You would need to be doing hundreds of thousands of transactions a month to justify the building of an electronic payment gateway.
0
 
LVL 32

Expert Comment

by:aleghart
^ but none of that will remove the percentage fees and per trx fees for merchant services and promotion/brand fees charged by the card brands or issuers.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 125 total points
To be a gateway you still need to set up agreements with the companies that actually do the processing of the transactions and you still need to make agreements with the credit card companies to allow you to do this.

Becoming a gateway is more than just writing a few lines of code and setting up a secure environment.
0
 

Author Comment

by:FastEddie___
With enough time and money anything is possible in the application development world.

Unfortunately I only have the former and not enough of the latter.

This has been a very informative inquiry. I hope you all are okay with splitting points.

Quantum sounds like a step in the right direction until the PCI compliance is finished and until I can better understand the dynamics with the banks and credit card companies.
Thanks to everyone for your responses. I truly appreciate it.



0
 

Author Closing Comment

by:FastEddie___
Thank you
0
