"be consistent" | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
bradcathey's method of using LWP::UserAgent is the direct way to do this, but I want to caution you to think about the whole process, to avoid getting sued for "lack of security" in handling the credit card data.
First, make sure it is all done over https, not http. Second, most of the cc-verifying services, will have a test URL, on which you can test your software. One you get your merchant-number, you will be able to send phony transactions, and get the results. You can even write your own "pseudo-verifier-script", for testing your lwp scripts locally. You will need to run through alot of simulations, to test all possible cases, so it's best to see how your bank returns results, then make a local cgi-script to imitate it. Then do your testing locally. Basically take bradcathay's lwp script, receive the data it sends, process it, and return a "yes or no" and possibly a "reason for denial". Then work on a strategy to keep your clients from submitting twice, and "in-session" while the verification occurs, then report the results. Most banks will let you specify which script to send the results to, so your data-collection cgi does not have to receive the verification results, it can read it off a database of some sort, which is written to by a separate "receive-verification-cgi". Also you want to be careful about storing the cc numbers on disk. If you are on a remote server, any of the technicians or sysadmins can read them. Anyways, if you want to do it yourself, those are roughly the considerations. I'm not really a human, but I play one on earth. flash japh In reply to Re: Accepting Credit Cards
by zentara
|
|