Redundant Credit Card Processing Solution?
RokaMoka asks: "As I type this, I'm on hold with Verisign Payment Services, our (only) merchant services provider. I run several e-commerce sites, and how shall I say... 'tis the season. At the moment, VPS is totally down, and I am losing thousands of dollars per hour. Does anyone have any experience in designing and supporting e-commerce solutions with multiple vendors for CC processing? What other networks are out there, and what has been the customer experience with them? What should the strategy be, load-balance or fail-over?"
SLA (Score:4, Informative)
Do you have a service level agreement? If not, you might want to look into negotiating one.
Re:SLA (Score:2)
Re:SLA (Score:2)
Me? (Score:2)
Re:Me? (Score:2)
Re:Me? (Score:2)
Re:Me? (Score:2)
Dunno about the parent but I have a couple clients that do that right now.
The commonality is they all have federal industry regulations mandating a maximum of 4 hours downtime (which is impossible for one company to truly deliver in the real world).
It's no big deal really. Just two bills every month instead of one and a few extra steps when doing site updates.
Re:Me? (Score:2)
SLAs don't put fingers on the hand (Score:2)
Huh? (Score:5, Funny)
What would Larry Flynt do? (Score:2)
Queue the Transactions (Score:5, Insightful)
BTW: I would not ship anything until I successfully authorized and charged the CC.
Re:Queue the Transactions (Score:5, Funny)
Re:Queue the Transactions (Score:2)
Re:Queue the Transactions (Score:1)
Re:Queue the Transactions (Score:1)
And what happens when that data gets compromised? I really would get pretty pissed off if I found out my vendor was storing my CC info on its boxes -- no need. Can't authorize, too bad. Try again later. I don't think VISA would be too happy about that practice...
Encrypt the credit card info (use non-symmetrical encryption). Store the private key on a box not connected to the internet at large. Transfer the encrypted numbers to the secure machine. Decrypt. If you don't want to transfer them unencrypte
Re:Queue the Transactions (Score:1)
Re:Queue the Transactions (Score:2)
Re:Queue the Transactions (Score:1)
Having said that, you can certainly authorize the charge, which I would strongly recommend.
Re:Queue the Transactions (Score:1)
Re:Queue the Transactions (Score:1)
Load balance or failover? (Score:3, Insightful)
Eh? (Score:5, Insightful)
They will guarantee a much higher level of service than going through some 3rd party.
If you need to, hire someone to hook your merchant account to your web sites. Simple as that, you got the money.
Re:Eh? (Score:4, Interesting)
No kidding, I hardly make 'thousands of dollars per hour' but I can afford a merchant account and the interface linkpoint [linkpoint.com] provides is great.
It's more about not wasting a huge % of each sale on the fees these middleman guys charge just to process a card. Places like regnow.com charge near 20% of your sale last I checked. Get a merchant account and it's a mere 2.9% + 35c per transaction or so.
Re:Eh? (Score:1)
Think of an Internet payment gateway as a card swipe machine for your web site.
Re:Eh? (Score:2)
I use Verisign payflow pro.
I definitely *DO* have my own merchant accounts. One with Visa/MC, one with Discover, and one with Amex. All Verisign does is act as an online terminal for internet transactions. I.E. the internet equivalent of the hardware credit card machines normal b
Get your own system (Score:4, Insightful)
This is when people realize that the lowest bidder is not always the best choice.
Authorize.net (Score:3, Informative)
Authorize.net [authorize.net]
Re:Authorize.net (Score:2, Informative)
Having said that, 99.0% of the time they're up, and their support is ok.
Good Question (Score:1)
Load Balancing (Score:4, Insightful)
As I type this I have a client whose CC processing has been down nearly 24 hours, and has resorted to a dial backup solution. Not exactly the way to process 5000+ orders a day. And to top it off they sent out a special email offer to 500,000 subscribers this morning, so they're dying as we speak, and if it's not resolved in the morning we may be switching providers in a hurry. Thank the stars that they chose their own provider...
Ignore the posts talking about why you don't need this, and SLAs. No SLA is going to replace lost revenues, and anyone who doesn't have a backup plan in place is just waiting to get burned.
Re:Load Balancing (Score:1)
Re:Load Balancing (Score:1)
Do it yourself... (Score:4, Informative)
This may be the only option. At a very high level, this would require two things. First, that you have a merchant account with the various CC companies. Depending on what kind of business you are in, this could be very easy, or very hard. More difficult would be the software itself. You "talk to" the CC company through one of a few Processor networks. And those networks only allow certified systems to talk to them, and getting a system certified is, I suspect, close to impossible.
Fortunately, there are more than a few libraries/servers. RedHat once had such a system, and based on their referral, I once played with MCVE, from Main Street Software [mainstreetsoftworks.com]. I left the job before anything came of the project; I didn't go very far with it, but it was infinitely better than a Java system, whose name I don't remember, that I also played with (Dammit, it's Java. I should be able to run it under Linux just fine, asshats.)
MCVE bindings are included in stock PHP, which I think is a reasonable vote of confidence.
While doing it yourself would not really remove the SPOF, it would bring it under your control. While the system you build may be technically less secure than one of the third-party-processors, it would also be a smaller target. Your own system wouldn't be affected by a vendetta DDOS against a TPP.
I think, in the grand scheme of things, that the politics of getting merchant accounts with the CC companies would be easier than the technical implementation.
Re:Do it yourself... (Score:3, Informative)
Linkpoint [linkpoint.com] integrates nicely with PHP and many other platforms. It's fairly easy to get set up with a merchant account and do the CC processing yourself. The fees are much lower that way as well.
Paypal is my backup (Score:4, Informative)
It's true that there are some regions and/or users who are unable or unwilling to use paypal. However there are also some users who would prefer to use it when given the chance. So they cancel each other out in my opinion.
Paypal is easy to set up and they have an automatic notification system that you can hook into to fulfill all your needs.
Have several options for payment... (Score:4, Interesting)
I know this is tangentially off the direct question, but just wanted to point out there are alternatives, and it doesn't hurt to offer them to your customers, and it's easy enough to do as well.
Re:Have several options for payment... (Score:1)
Re:Have several options for payment... (Score:2)
Currency valuation swings are part of doing business. I'm sure that you're bemoaning the collapse of the gold standard, yet have no clue whatsoever about the many, many bad effects of commodity-backed currency.
The commissions that you will pay in the process of doing business with "real" money will far exceed whatever you are losing in the dollar.
Re:Have several options for payment... (Score:1)
Pick Me! (check your email) (Score:1)
That allows for realtime swapping of payment providers (in the case of failure) in a way that is transparent to the merchant.
We have the ability to geolocate and cluster such that we are always reachable in the event of one server being down etc...
a few comments (Score:2, Insightful)
To those posters who think that "thousands of dollars per hour" is large enough to justify processing credit cards yourself, that is really not a large number. $1000
Having a second credit card processor
Re:a few comments (Score:2)
Change processors (Score:5, Insightful)
First off, Verisign being totally down is completely unacceptable. Demand a refund for the service outage.
Second, why the hell are they totally down? The system that I work with (one of several owned by Fifth Third) is never completely down. We have three access methods; dial, SSL, and non-SSL TCP/IP. It's rare for one of them to have problems, virtually impossible for all of them to get hosed at once. We run on Tandems, which allow for "buddy" process running in separate CPUs where the secondary takes over if the primary has a hardware problem; we have redundant access to our disk drives so that we can always get to the data. We also have a voice-menu system that you can use to authorize (not a good plan for e-commerce, but I figured if I was plugging the company I work for, why not?). Hell, we even have two identical systems in widely separated locations! If you can't get through to us, you've probably got bigger things to worry about because there's been a major natural disaster.
Third, WTF did they change during the holiday season that blew up their system? We have a concept called "peak season freeze". Basically, we change *NO* software or hardware between mid-November and the end of September, except emergency fixes for things that are totally broken, and even that is rare.
Fourth, the guy who said you should be running your own credit card processing solution is an idiot. He obviously does not know how the credit card processing world works and has never attempted a certification with one of the credit networks.
--Ender
PS I'll go write up an explanation of how the credit card processing world works in my journal now, so that you can go educate yourselves on the basics.
Re:Change processors (Score:1)
For Credit card processing?
You're joking right?
Re:Change processors (Score:2)
--Ender
Re:Change processors (Score:1, Interesting)
During 2000, the acquirers dropped PCConnect (I think it was) in favour of FTP as PCC wasn't y2k compliant. So, now, all your batched card payments are transferred to the CC via FTP.
Sure it's all private LAN type stuff, or VPN of course, to write-only directories. (and Amex doesn't even tell you whether your transfer has succeeded - you have to wait til the
Re:Change processors (Score:1)
Basically, we change *NO* software or hardware between mid-November and the end of September
So your systems are locked-down-no-changes for ten months of the year? That's a hell of a long "peak season".
Re:Change processors (Score:1)
No, he just wrote the post last month, and so wasn't allowed to apply the patch to change "September" to "December".
Re:Change processors (Score:3, Interesting)
Sometime in about the past week, the entirety of the Fifth Third Bank [53.com] website changed. Looks like they decided to roll out a whole new look-and-feel, while mucking up the login procedures again.
So as long as you're boosting your employer, I'll knock 'em down a bit:
Why the fuck would you change something broad like the entire user interface during the busiest time of the year? And what's the gig with the tiny fonts?
But that's not all, no sir: Despite all of its newness, the new
Re:Change processors (Score:2)
Simple CC Validation (Score:2, Insightful)
We rely on monitoring the sites, and if there is a problem, switch from the processor to a simple CC capture. We would have to process the orders by hand, but we would only lose the sales that occur between the event of failure, and the switchover.
The key is knowing of a failure, and switching over.
As far as having two gateways/processors. This will be tough. You could have two of each, and just switch to the other one if the ot
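The switch-over between two gateways discussed in this thread, as an added example that is not from any poster or vendor: a failover router that only moves to the second gateway when the first attempt provably never reached the processor, and parks the order for manual reconciliation when a request timed out and the card may already have been charged. The gateway functions, exception names and the `pending` store are hypothetical stand-ins.

```python
import time

class GatewayDown(Exception):
    """Connection failed: the request never reached the processor."""

class GatewayTimeout(Exception):
    """Request was sent but no reply arrived: the outcome is unknown."""

class Breaker:
    """Stops routing to a gateway after `threshold` consecutive failures."""
    def __init__(self, threshold=3, cooldown=60.0):
        self.threshold, self.cooldown = threshold, cooldown
        self.failures, self.opened_at = 0, None

    def available(self, now):
        return self.opened_at is None or now - self.opened_at >= self.cooldown

    def record(self, ok, now):
        self.failures = 0 if ok else self.failures + 1
        self.opened_at = now if self.failures >= self.threshold else None

def authorize(order_id, amount_cents, gateways, breakers, pending, now=None):
    """Try gateways in priority order; returns (status, gateway_name)."""
    now = time.monotonic() if now is None else now
    if order_id in pending:  # an earlier attempt may already have charged the card
        return ("needs_reconciliation", pending[order_id])
    for name, send in gateways:
        if not breakers[name].available(now):
            continue
        try:
            approved = send(order_id, amount_cents)
        except GatewayDown:
            breakers[name].record(False, now)
            continue  # nothing was sent, so failing over cannot double-charge
        except GatewayTimeout:
            breakers[name].record(False, now)
            pending[order_id] = name  # ambiguous: do not retry on another gateway
            return ("needs_reconciliation", name)
        breakers[name].record(True, now)
        return ("approved" if approved else "declined", name)
    return ("all_gateways_down", None)

# Constructed stand-ins for two processors; no network traffic is involved.
def primary_down(order_id, amount_cents): raise GatewayDown()
def primary_timeout(order_id, amount_cents): raise GatewayTimeout()
def secondary_ok(order_id, amount_cents): return True

if __name__ == "__main__":
    breakers = {"primary": Breaker(), "secondary": Breaker()}
    print(authorize("order-1", 1999, [("primary", primary_down),
                                      ("secondary", secondary_ok)], breakers, {}))
```

The `pending` map holds only an order reference and a gateway name, so the router itself never stores card numbers.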
Re:Simple CC Validation (Score:1)
Work it into the e-commerce platform... (Score:2)
Ogone (Score:2)
Re:Ogone -- what's in a name (Score:1)
Sam:"It's o'gone!"
Ogone.com
"Leave your money with us."
No thanks.
Why don't you send me the card numbers by e-mail ? (Score:2)
PAYMENT GATEWAY (Score:1)
As mentioned earlier, the company I work for sells the use of a payment gateway.
Where I work we have redundancy via the fact that we can process via any provider depending on the merchant's requirements (we can rollover to a different provider in the case of failure). Basically the merchant can integrate for one API and the rest is magic.
If a merchant wanted fallover in case our serve
If you're losing thousands of dollars per hour... (Score:1)
Have the user enter his CC info on YOUR site, don't redirect him to the merchant site. This has the added bonus that you can save the
Re:If you're losing thousands of dollars per hour. (Score:1)
Seriously, I am trying to do self processing at a small shop. Just trying to get the store online with CC payments, and in store charge accounts... But everyone I have talked to says that unless you're using a payment gateway to process the credit cards, it is a lawsuit waiting to happen. They say PGP emails are not good enough, and storing them on the server might be illegal or considered negligence.
What shopping cart software do you propose to use for this type of CC sto
One Solution (Score:1)
http://www.TrustCommerce.Com
TrustCommerce experience? (Score:2)
Re:TrustCommerce experience? (Score:2)
I've been using TrustCommerce for a small site for several months, and I'm now implementing a large site with them. I've had no problem with their payment gatew
Slightly OT - Small business CC Processing (Score:1)
Re:Slightly OT - Small business CC Processing (Score:1)
I'm no expert though. I just know I've seen the machines in recent memory.
Re:Slightly OT - Small business CC Processing (Score:2)
Re:Slightly OT - Small business CC Processing (Score:1)
Seems your solution is obvious, isn't it? (Score:2)
So, one perso
CC Processing (Score:2)
First, we always used a payment gateway system; these used dialup or 56k leased lines to the processor. I know that using the internet for transport is attractive because of low costs; however, since you have accepted the use of an "unreliable transport" for your CC authorization traffic to your merchant account you have essentially no recourse wh
Paypal works well (Score:2, Informative)
I also like authorize.net; they are very reliable and have good tech support.
I used to use verisign (Score:2)
Re:I used to use verisign (Score:1)
Re:I used to use verisign (Score:2)
Load Balancing CC Processors (Score:1)
It's a great method for not only avoiding blackouts when a gateway goes down, but also for load-balancing chargeback rates if you sign up with multiple banks as well.
Interestingly enough, sometimes a climbing chargeback rate means we send *more* traffic their way... thus increasing the d