What’s required to build a card-present payments system from scratch, and are there open-source options?
Payments
Asked by Question Bot, 12/Feb/2013 (1 answer)
1 Answer
Faisal Khan
Answered 12/Feb/2013
If you will be swiping cards, chances are the hardware device you will use will come with its own SDK allowing you to read the mag strip data and possibly also provide you with additional features such as encryption or token generation. Without such an SDK, you would really have to engineer your way into reading the data, and most hardware OEMs provide you with this SDK.
Once you have read the data, you will need to build some form of an application on how to process it, before further routing it to the backend gateway for onward processing and approval/rejection. This could be a simplified task if doing straight-through processing or complex, if you are maintaining some form of a proxy account, accounting, validation, etc.
Once you are past this stage, you will most likely get an API or message format details on how to parse the captured data to the financial processor for onward processing.
This again is not too difficult.
What would be difficult is getting the whole thing certified and secure. If your payment gateway is provided by VISA or Mastercard, you will need to understand how to become compliant with their standards and industry standards in general like PCI.
The emphasis is to ensure the transaction is safe, error-free, timely and uncorrupted back and forth. The goal is that after a transaction is completed, no remnant of the recently conducted transaction details remains, and especially that no card data is left anywhere that it would be compromised and fraudulently used.
The juxtaposed equivalent would apply for online transactions as well.
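The flow described in the answer above (read the stripe, validate, route to the gateway, leave no card data behind), as an added Python example that is not code from the answer or from any reader SDK. `handle_swipe`, `send_to_gateway` and the sample track are hypothetical names and constructed data; the track is assumed to arrive from the SDK as a mutable byte buffer in Track 2 layout.

```python
import re

# Track 2 as read from the stripe: ;PAN=YYMM + service code + discretionary data?
TRACK2 = re.compile(rb";(\d{12,19})=(\d{4})(\d{3})(\d*)\?")

# Constructed sample: a well-known test PAN, not a real card.
SAMPLE_TRACK2 = b";4111111111111111=30121010000000000?"

def luhn_ok(pan) -> bool:
    """Luhn check digit validation over ASCII digits."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - ord("0")
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan) -> str:
    """Keep at most the first six and last four digits for logs and receipts."""
    return pan[:6].decode() + "*" * (len(pan) - 10) + pan[-4:].decode()

def wipe(buf: bytearray) -> None:
    """Overwrite the mutable buffer in place."""
    for i in range(len(buf)):
        buf[i] = 0

def handle_swipe(raw: bytearray, send_to_gateway) -> dict:
    """Validate one swipe, route it, and return only non-sensitive fields."""
    try:
        m = TRACK2.fullmatch(raw)
        if m is None:
            raise ValueError("not a Track 2 record")
        pan = m.group(1)
        if not luhn_ok(pan):
            raise ValueError("PAN fails the Luhn check")
        approved = bool(send_to_gateway(raw))  # hypothetical gateway call
        return {"pan": mask_pan(pan), "approved": approved}
    finally:
        # Runs on success and on error. Python may still hold immutable
        # copies (regex groups), so this reduces, not eliminates, exposure.
        wipe(raw)

if __name__ == "__main__":
    print(handle_swipe(bytearray(SAMPLE_TRACK2), lambda track: True))
```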