无需 Google Checkout / Amazon / Paypal 的信用卡处理
如果我想直接处理付款而不通过 Google / Amazon / Paypal,我该怎么做?是否有 Java API 或一些参考实现来展示如何做这样的事情,或者它真的那么大和复杂,我需要选择一个提供商,例如 Google 或 Amazon?
我目前使用 Google Checkout,因为实施相当简单,我可以轻松生成包含我想要的任何信息的报告。如果我在内部实施该解决方案,无论如何我都可以直接访问所有这些信息。
If I would like to process payments directly without going through Google / Amazon / Paypal, how would I go about that? Is there a Java API or some reference implementation that shows how to do such a thing or is it really that large and complicated that I need to choose a provider such as Google or Amazon?
I currently use Google Checkout as the implementation is fairly straightforward and I can easily generate reports with whatever information I want. If I implemented the solution internally, I would have direct access to all that information anyway.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我从未使用过 Google Checkout 或 PayPal API 来处理付款。如果有一种方法可以绕过“接触”信用卡信息的任何部分并将其外包给他们的网络界面,那么您会想要这样做,除非有明确的原因,我将在下面解释。
在“推出自己的”信用卡支付网关之前,您必须考虑一些注意事项。
首先,这仅用于内部吗?意思是,它会用于非商业内部使用吗?我问的原因是因为如果这是一个商业产品,那么您将必须经过 PA -DSS 认证(以前称为 PABP 或支付应用程序最佳实践)。这是因为 VISA 要求其收单机构和商户只能使用 PA-DSS/PCI 兼容软件。因此,这就迫使软件开发商必须开发合规的软件。要获得正式认证并列入 PA-DSS 列表,您必须向外部审核员(例如 Verizon Business)支付高额费用Cybertrust 完全符合 PA-DSS 标准。给您一个粗略的数字,您的审计费用可能约为 15,000 美元。
这一切都取决于您的应用程序和环境的结构。我们使用 ICVERIFY(现归 First Data 所有)进行信用卡处理。 ICVERIFY 4.0.3 已在批准列表中。由于我们的申请涉及信用卡的 Track1、2、3、PAN、到期日期等,因此我们也必须获得批准。繁荣 - 每年向 PCI 安全委员会支付 15K 的“上市”费用。
我们的应用程序通过 REQ-ANS 文件接口与 ICVERIFY 进行交互,非常简单。它并不昂贵,并且可以同时与多个客户合作。如果您决定走这条路,我建议您使用 ICVERIFY。
如果您没有理由通过应用程序或服务器处理信用卡,那么我建议您将信用卡处理“外包”给 PayPal、Google 或其他一些较大的实体,然后仅收到费用已成功处理的确认消息。如果您具备这种能力,这将使您的生活变得更加轻松。
I have never used Google Checkout or PayPal API for processing payments. If there is a way you can get around 'touching' any part of the credit card information and outsourcing to their web interfaces, you would want to unless there is a distinct reason why and I will explain below.
There are some considerations you must take before 'rolling your own' credit card payment gateway.
First, will this be used for in-house only? Meaning, will it be for non-commercial, in-house use? The reason I ask is because if this is intended to be a commercial product, then you will have to undergo PA-DSS certification (formerly PABP or Payment Application Best Practices). This is because VISA has mandated to their acquirers and merchants to only use PA-DSS/PCI compliant software. Therefore, it forces the software developers to develop compliant software. To be officially certified and on the PA-DSS list, you will have to pay a hefty fee to an outside auditor such as Verizon Business Cybertrust to become fully PA-DSS compliant. To give you a rough figure, it will probably cost you around $15,000 for an audit.
This all is dependent on how your application and environment is structured. We use ICVERIFY (which is now owned by First Data) for Credit Card processing. ICVERIFY 4.0.3 is on the approved list. Since our applications touch Track1,2,3, PAN, exp date, etc of the Credit Card, we also had to get approved. Boom - there goes 15K and a yearly 'listing' fee with the PCI Security Council.
Our applications interface with ICVERIFY through their REQ-ANS file interface and it is very simple. It is not expensive and can work with multiple clients at the same time. I recommend you use ICVERIFY if you decide to go this route.
If there is no reason for you to process credit cards through your application or server, then I suggest you 'outsource' the credit card processing to PayPal, Google, or some other larger entity and just get the confirmation message that the fee was processed successfuly. This will make your life much easier if you have this capability.
无论如何,您都需要一个提供者。
您有两种选择:
谷歌等的优点是初始成本很低。您只需为每笔交易付费,他们处理大部分流程等。他们实际上是您和商家帐户之间的中间人。缺点是每笔交易成本较高。
如果您进行大量交易,像 Authorize.net 这样的正版处理商会是更好的选择,因为按月付费(并且建立自己的商家帐户而不是依赖另一家公司的帐户),您的每笔交易成本会更低。您还可以更好地控制流程,包括按照您认为合适的方式处理欺诈预防。
You'll need a provider no matter what.
You have two options:
The upside of Google etc. is that the initial costs are minimal. You pay only per transaction, they handle most of the process, etc. They're effectively middlemen between you and a merchant account. The downside is that the per-transaction costs are higher.
If you're doing lots of transactions, a genuine processor like Authorize.net will be a better deal, as for a monthly fee (and having set up your own merchant account instead of piggybacking on another company's) you get lower per-transaction costs. You also have more control over the process, including handling fraud prevention as you see fit.
Stripe 有一个 Java 库,无需通过第三方提供商即可接受信用卡:https://github.com/stripe/stripe-java
查看 文档和常见问题解答,随意使用如果您还有其他问题,请访问我们的聊天室。
Stripe has a Java library to accept credit cards without going through a third party provider: https://github.com/stripe/stripe-java
Check out the documentation and FAQ, and feel free to drop by our chatroom if you have more questions.
看一下 jPOS。他们提供 AGPL 许可的开源社区版本以及具有某种商业许可的专业版本。
您应该考虑阅读 PCI 数据安全标准规范和 ISO 8583 在您自行处理或存储任何信用卡信息之前。
Take a look at jPOS. They offer an AGPL-licensed open source community edition as well as a professional edition with some sort of commercial license.
You should consider reading the PCI Data Security Standard specification and ISO 8583 before processing or storing any credit card information on your own.