Solved

How to become a payment gateway.

Posted on 2010-09-23
Medium Priority
1,347 Views
Last Modified: 2013-11-29
Is it possible to become my own payment gateway? Like PayPal and Authorize.net?

I'm hosting secure servers and running ColdFusion on a Windows Server 2003 OS.

What would be the steps to perform such a task?
0
Question by:FastEddie___
15 Comments
 
LVL 6

Expert Comment

by:Ryan Smith
ID: 33749696
Can your server run PHP?

This software might be what you're looking for.

http://www.alstrasoft.com/epay_enterprise.htm
0
 

Author Comment

by:FastEddie___
ID: 33750684
Thanks for the suggestion rorcalHelpDesk, but that's not what I'm looking for. I can program those features myself. I'm interested in the actual business process needed to become a payment gateway. What is actually needed?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 33774852
Technically, yes you could become a payment gateway.

The question is why would you?

Do you have redundant/clustered servers?

Do you have backup power?

Have you read PCI-DSS standards and do you believe you can meet them?

Are you ready to pay the price when (not IF, but WHEN) your system is compromised?
0
 
LVL 22

Assisted Solution

by:neeraj523
neeraj523 earned 500 total points
ID: 33775844
Hello

Theoretically, yes, you can set up your own payment gateway. But you will need to follow complex steps to get ready to launch your service. A few steps which I can recollect immediately:

1. Hardware Infrastructure: You have to procure hardware resources to run your payment services. You will need high-end cluster servers with full backup support and contingency plans in place.
2. Software development: This is something I believe you can do yourself if you have a technical background. But your software should be well tested and bug-free, since a small glitch can cost big money.
3. Security: Of course SSL will be the basic thing which can be used for secure communication. But there are many other aspects, like following PCI standards for handling payment information etc., which need to be addressed. Security of your hardware and software against hacking is another thing which has to be addressed.
4. Processing payments: This is going to be the heart of your service, where you will have to tie up with various banks to use their payment processes to process payment requests. You will have to tie up with multiple payment processors to ensure continuity of service in case of a problem at one bank's server or routing lines.
5. You have to set up a chargeback policy in case the payer declines to pay for the transaction, or for fraudulent transactions.
6. Setting up a system to get merchants paid for the collections from their customers.

The above are a few points to start with. There may be many more which will come up along the way once you start in this direction.

All the best
0
 

Author Comment

by:FastEddie___
ID: 33782188

Thank you so much for your responses.

@giltjr

The question is why would you?
Because I want to save money by not having to pay for PayPal or Authorize.net percentage on every transaction.

Do you have redundant/clustered servers?
No, but my application server has redundancy and clustering built into the framework. Moving to a clustered environment will not be a problem.

Do you have backup power?
My data center provides backup power.

Have you read PCI-DSS standards and do you believe you can meet them?
I have not read the PCI standards, but other institutions have met them, so it's not impossible.

Are you ready to pay the price when (not IF, but WHEN) your system is compromised?
I completely understand how important this is. I know I will be targeted but can take measures against it.

 ---------------------------------------------------------------------------

@neeraj523
1. Hardware Infrastructure:
I have a rack at a datacenter with basic Dell servers. Not top of the line but suited for production applications. Currently have tape backup but will be replacing that with a hardware solution for CDP (continuous data protection).

2. Software development
No problem there.

3. Security:
I have SSL on the server and am aware of the security risks.

4. Processing payments:
This is where most of my ignorance lies and where I would like to gain any additional knowledge or resources. Any links or references would be most helpful.
I looked into setting up a merchant account with my bank "Amegy Bank" and was completely surprised by the fees they charge. It's more than PayPal or Authorize.net when taking everything into consideration.
That just blew me away. Surely there is some cost-effective way of conducting eCommerce on your own behalf.

5. You have to setup charge back policy
This is something I have not thought about.

6. Setting up system to get merchants paid for the collections from their customers.
This seems to me like another relationship with banks, but I have no knowledge about it.


I'm a web developer and designer who is looking to create custom applications for small businesses.
Everyone wants to offer their product for sale on the internet and I want to be able to write the application, host their websites, and handle all eCommerce transactions for them. Possibly tying into their current billing system.
Then when everything is ready and secured I could offer payment processing services as a standalone product.
What I'm trying to understand is the best (least expensive) way to start setting all of this up.
Basically I would like to become a very small, very targeted PayPal or Authorize.net.
Any advice, reference material or suggestions are greatly appreciated.
 

 
0
 
LVL 57

Expert Comment

by:giltjr
ID: 33782424
True it is not impossible to become PCI-DSS compliant.  

However, you should start looking now.

Since you will be writing the gateway software yourself, you must meet the PCI-DSS Payment Application standards.

Since you are also going to be hosting the gateway/payment processing site, there is another standard you must meet: the "standard" PCI-DSS standards, for which there are multiple levels depending on how many transactions you plan to do.

And since you do not seem to control the data center, they may need to meet certain parts of the standard PCI-DSS standards.

It could also take a LONG time to become compliant. I know some places that have been working on becoming compliant for over two years.

It can be very expensive to get and stay compliant with just the standard PCI-DSS requirements, as in hundreds of thousands of dollars a year.

I have no clue what it takes to meet and stay up with the PCI-DSS PA standards.
0
 
LVL 29

Expert Comment

by:coreybryant
ID: 33784698
It would take at least a year to build a system.  This is something I would not recommend.  There are some great gateways (like Quantum) already built with fantastic features built in.
Plus you will need an acquiring bank to help you contact the transaction processors.  
What are you wanting to really accomplish?  For example, maybe a business to offer credit card processing?  If so, consider becoming a partner / reseller with an ISO / MSP - this will help you learn the business.  Once you learn the business, you will probably not want to build a gateway and leave that to the others.  For some ISO info, check out www.greensheet.com for some information.  You might also take a look at electronic payment gateways.
0
 
LVL 29

Accepted Solution

by:
coreybryant earned 500 total points
ID: 33784703
Sorry, the link on the electronic payment gateways did not go through: http://www.mymerchantaccountblog.com/electronic-payment-gateways
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 500 total points
ID: 33784749
>>The question is why would you?
>Because I want to save money by not having to pay for PayPal or Authorize.net percentage on every transaction.

Gateway services don't charge percentages.  They charge monthly minimums, per-transaction fees, and batching fees.

Your percentage-based fees are to the merchant services provider.  There are per-transaction fees, percentage fees, as well as other fees for revenue/profit and recovery of promotional fees.

So....you're saying that you want to be a one-man merchant service provider?  Even your little bank would not take on that amount of work.

If you have no CC experience, and no reputation in the banking/finance industry, you would find it hard enough to just partner up with a merchant service provider, much less become one yourself.  The best you can hope for is to negotiate the lowest rates possible based upon very high volumes.

"I have a rack of Dell servers"...well, who doesn't?  ;)

There are some things that can be done in-house. Rolling your own bank just isn't one of them. Especially for the purposes of saving a fraction of a point in fees.
0
 
LVL 29

Expert Comment

by:coreybryant
ID: 33790907
Well, the Quantum Gateway that I mentioned before does not charge a fee. There are a few links on my profile page as well as the other link for the payment gateways. You would need to be doing hundreds of thousands of transactions a month to justify the building of an electronic payment gateway.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 33791293
^ but none of that will remove the percentage fees and per trx fees for merchant services and promotion/brand fees charged by the card brands or issuers.
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 500 total points
ID: 33791458
To be a gateway you still need to set up agreements with the companies that actually do the processing of the transactions, and you still need to make agreements with the credit card companies to allow you to do this.

Becoming a gateway is more than just writing a few lines of code and setting up a secure environment.
0
 

Author Comment

by:FastEddie___
ID: 33792795
With enough time and money anything is possible in the application development world.

Unfortunately I only have the former and not enough of the latter.

This has been a very informative inquiry. I hope you all are okay with splitting points.

Quantum sounds like a step in the right direction until the PCI compliance is finished and until I can better understand the dynamics with the banks and credit card companies.
Thanks to everyone for your responses. I truly appreciate it.



0
 

Author Closing Comment

by:FastEddie___
ID: 33792975
Thank you
0
