online payment and SSL

I am building an ecommerce site, just need to know what else for payment verification, SSL. I need a step to do, to register, and also information of payments to support PayPal, credit card, etc. Please give any links or advice what steps to do which I cannot miss in order to have a good ecommerce site.

Kyle Abrahams, Senior .Net Developer, commented:
It depends on how you're actually integrating with your gateway provider.  I'm going through something similar . . . our choice was to completely redirect to PayPal's site so that we wouldn't have to keep track of all of the credit card compliance issues.  If you even transmit the CC# (e.g., take it on your form and then pass it to PayPal or your provider) you fall under PCI.

Scott Fell, EE MVE, Developer & EE Moderator, commented:
What have you done so far?

1) You need a shopping cart.  This is really a database of your products and a way to store what items people have chosen.

2) Once they choose their items, they are ready to pay.  This is where you will use PayPal or register with a traditional payment processor (your bank) to accept Visa, M/C, Amex.

3) You will submit the card member info and amount to a gateway most likely chosen by your processor.  If you use PayPal, then they have their own gateway and APIs.  Another popular one is

4) You will need to build code to accept a call back from the gateway to determine if the sale went through or not.

There are plenty of shopping carts out there . is free.  There are choices that host everything for you like

If you are not used to programming and have never tried making a cart, you are really best using something that is already proven like the links I have given you.  It sounds like it should be easy but is pretty complex as you get into it.

You will need a certificate to install on your server.   Most shared hosts have this available through their partners to make it easy.   A certificate will cost about $50 per year on the low end.

I hope this helps.
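
An added example, not part of the original answer, of the callback handling in step 4. It assumes a hypothetical gateway that signs its callback with HMAC-SHA256 over a shared secret; the field names, secret and order data are constructed, and each real gateway documents its own verification mechanism.

```python
import hashlib
import hmac

# Hypothetical shared secret issued by the gateway (assumption for this example).
GATEWAY_SECRET = b"constructed-demo-secret"
# Constructed order store: what the cart recorded before sending the buyer to pay.
ORDERS = {"1001": {"amount": "49.95", "currency": "USD", "status": "pending"}}
SEEN_TXNS = set()  # gateway transaction ids already processed
FIELDS = ("order_id", "txn_id", "amount", "currency", "result")  # hypothetical names


def sign(fields: dict) -> str:
    """HMAC-SHA256 over the callback fields, joined in a fixed order."""
    msg = "|".join(fields[k] for k in FIELDS).encode()
    return hmac.new(GATEWAY_SECRET, msg, hashlib.sha256).hexdigest()


def handle_callback(fields: dict) -> str:
    """Decide what one callback means; only a verified approval marks an order paid."""
    if not all(isinstance(fields.get(k), str) for k in FIELDS + ("signature",)):
        return "rejected: malformed"
    # Constant-time comparison, so the check does not leak how much of a guess matched.
    if not hmac.compare_digest(sign(fields).encode(), fields["signature"].encode()):
        return "rejected: bad signature"
    order = ORDERS.get(fields["order_id"])
    if order is None:
        return "rejected: unknown order"
    if fields["txn_id"] in SEEN_TXNS:
        return "ignored: duplicate"
    if order["status"] != "pending":
        return "ignored: order already settled"
    # Compare against what the cart stored, never against what the callback claims.
    # Exact string match is deliberately strict: "49.950" is treated as a mismatch.
    if (fields["amount"], fields["currency"]) != (order["amount"], order["currency"]):
        return "rejected: amount mismatch"
    SEEN_TXNS.add(fields["txn_id"])
    order["status"] = "paid" if fields["result"] == "approved" else "failed"
    return order["status"]
```

The handler never trusts the buyer's browser redirect as proof of payment: an order is fulfilled only after a callback passes every check above.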

Emmanuel Adebayo, Global Windows Infrastructure Engineer - Consultant, commented:

The link below has got all the information you need.

Where is the merchant located?  This is the first question that needs to be answered since each country has their own merchant account provider.  

In the US, there are probably over 100 providers and then thousands of agents - most providers rely on the agents to sell the merchant accounts.  The providers will split the monthly residual with the agent and the provider (fortunately) handles all tech support.

For the Internet Merchant Account, companies can charge anywhere between $5.00 - $50.00 per month. Then there is the payment gateway, which can run between $10.00 - $100.00 or even more.  Some will give you free transactions, and then charge you $.10-$.20 per transaction.  Some will not charge you any.  Then some accounts will have a monthly minimum, between $15.00 - $25.00.  Let's say you process $500 that month and have a 2.5% discount rate. That is $12.50, which the provider will charge you $2.50.  The discount rate is 2.09% and $0.20 for each transaction and $8.00 a month, with a free gateway, so if you do not do any transactions, all you will be charged is $8.00.

Most also charge an AVS fee (most companies charge $0.05 - so if you do a lot of transactions, this could be a big savings, 5 transactions a day is about $180.00 savings), a Batch fee (saving about $90.00 a year), and an ACH fee (saving about $60.00 a year).  The company above for US merchant does not charge

The gateway is free - offers recurring billing at no charge, will store the credit card number at no charge.  In the Virtual Terminal, you can activate MaxMind GeoIP, DialVerify, and MSC/VBV.  No extra coding and no extra fees - this will help eliminate a lot of chargebacks electronically, saving you time.  

Some also have a monthly minimum. For example, let's say your discount rate is 2.5% and you do $500.00 that month - that comes out to $12.50, so they will charge you $2.50 to meet that.  Most US providers have it set up so they get around $40.00 - $50.00 a month from the merchants.

Also, if you have good credit, most providers will approve you unless you are on the TMF / MATCH list. If you think you will be approved by a provider, they will give you a free gateway account so you can test the code, etc.

Scott Fell, EE MVE, Developer & EE Moderator, commented:
coreybryant brings up good points about fees.  Shopping for a merchant account can be like shopping for a car...  all seem similar and different prices, but it is the out-the-door costs you need to look at.   Every processor pays the same fees to VisaNet.  The difference of what you pay vs what they pay is profit.  Some fee structures have higher discount rates with less monthly fees and others have lower discount rates but other fees attached.  Companies like Square just take a high average and make one simple rate.

When comparing rates, you can't just take the quoted discount rates at face value.  I get right to the point and just ask to have a contract sent.  They all use the same format and all the rates will be spelled out.

However, there is still an unknown that never seems to get written into the contract and that is the card type.  There are actually multiple discount rates based on the card type.  A debit card will have the lowest discount rate, then the mid tier is "qualified" and higher tier is "non qualified" and then mix in card present vs non present.  A qualified card will typically be a traditional Visa or MasterCard.  A non qualified card could be an affinity or "miles" card or business account.  The reason is the miles people earn are paid for by the increased discount rate to the merchants.   My guess is the reason for business cards having the higher rate could be the amount of fraud or non authorized charges.  In any case, qualified vs non qualified can be a gray area.

The end result is if you are quoted a rate like 1.8% your net effective rate after fees could very well be in the 2.1 to 2.5%+ range.  Also take into consideration your volume.  If you are doing $50,000 in charges per year, having a rate of 2.1% or 2.4 does not mean as much as if you are doing $500,000 per year or more.

Currently, it seems like Intuit has some of the lowest rates.   This is a very competitive space and there will always be somebody asking to see your past statements so they can match or beat your current pricing.  Again, remember your volume, if you are doing $2k or $4K per month there is not much room to play.  I stay with vendors I trust and don't mess around with jumping ship for .1% difference.
