If you wish to take debit card or credit card payments on your website you will require a payment gateway. Payment gateways are simply data processing programmes that are designed to process card data securely. The programme collects credit card data and transmits it securely to the card issuing bank for authorisation. The bank will either authorise or decline the payment, and it returns a message to the payment gateway; this will either contain an authorisation code or a payment declined statement.
The Payment Gateway is integrated with the merchant’s website and most providers offer merchants a choice of integration options. The easiest of these is a payment page that is hosted by the provider; this is linked to the merchant’s shopping cart so that when the customer checks out, she is redirected to the payment page where she enters her card details. The advantage of this is that as the merchant doesn't collect or access card details directly, he doesn't need PCI DSS security accreditation. The disadvantage is that the customer leaves the merchant’s website to pay.
An alternative solution for merchants who do have PCI DSS accreditation is to fully integrate the payment gateway with their websites. This is referred to as API (Application Programming Interface) integration and provides a better shopping experience for the customer; it also gives the merchant the opportunity to use the data in other compliant applications such as accounting, stock control, and marketing.
Different payment gateways offer APIs in different programming languages. Generally, SDKs (software development kits) that include multiple integration platforms are made available to developers. PHP is one such platform and one that is readily accessible to developers who have some experience in PHP. However, don’t underestimate the difficulties and complexities of the task; unless you are a competent PHP developer, get help from one or hire one.
The usual approach is to carry out the integration using a sandbox account which gives you the opportunity to thoroughly test the application before going live. Generally you can obtain a sandbox account from your chosen gateway provider without the need to have PCI DSS compliance; you only need it once you start accepting real payments.
Developing your application
You will find that all payment gateway providers have a comprehensive tool kit to assist with the integration process. The first step is to download the appropriate SDKs and libraries along with detailed instructions and protocols that you must follow. In essence the process itself is simple. You create a form for securely collecting and encrypting card data and other details which are posted securely to the card issuing bank for authorisation, but of course the devil is in the detail.
Payment Gateways that offer PHP Integration
PayPal is one of the easiest gateways to integrate with PHP. You will need a Website Payments Pro account, and available APIs include Direct Payments, Express Checkout, recurring payments, and fraud management filters. PayPal provides a full tool kit along with extensive documentation and examples.
A PayPal Website Payments Pro merchant account costs £20 a month and card processing charges are up to 2.9% plus 20p.
Stripe provides an extensive range of APIs for several platforms, of which PHP is one option. Others include Python, Ruby, Java, and iOS. Extensive documentation is provided and there is significant online help.
A Stripe merchant account is free to set up and processing fees are 2.4% plus 20p a transaction.
Sage Pay has several integration options including Java, .NET and PHP. For developers who wish to avoid the complexities of full integration, iFrame integration is also available. Here customers stay on your website, but enter payment details directly to the Sage Pay servers via an iFrame on your website.
Sage Pay charges from £19.90 a month inclusive of 350 transactions; additional transactions are 12p each. Credit card processing charges are from 1.99%.
Payment Express offers several integration options including ASP/VB, ColdFusion, and PHP, along with extensive examples of sample code.
Payment Express charges from $25 a month inclusive of 175 transactions; card processing costs are provided on an individual basis only.
The Omnipay Library
For developers who wish to investigate an alternative approach, Omnipay is a PHP payment processing library with a fully tested API and example applications. The advantage is that you need only understand a single API and you can use it with many different gateways including those mentioned above.
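The single-API idea above, as an added example that is not from the original article or from the Omnipay project: it runs the authorise/decline flow against Omnipay's offline Dummy gateway, so no merchant account is needed. It assumes the packages are installed with `composer require league/omnipay omnipay/dummy`; the `charge()` helper and the card numbers are constructed for illustration.

```php
<?php
// Added example. Assumes: composer require league/omnipay omnipay/dummy
require __DIR__ . '/vendor/autoload.php';

use Omnipay\Omnipay;
use Omnipay\Common\CreditCard;
use Omnipay\Common\Exception\InvalidCreditCardException;

/**
 * Send one purchase through the named gateway and return only fields that
 * are safe to store or log (never the full card number or the CVV).
 * charge() is a hypothetical helper, not part of Omnipay.
 */
function charge(string $gatewayName, array $cardData, string $amount): array
{
    $gateway = Omnipay::create($gatewayName); // e.g. 'Dummy'; swap the name to change gateway
    $gateway->setTestMode(true);              // sandbox mode on gateways that support it
    $card = new CreditCard($cardData);
    $safe = ['last4' => $card->getNumberLastFour(), 'reference' => null];
    try {
        $response = $gateway->purchase([
            'amount'   => $amount,
            'currency' => 'GBP',
            'card'     => $card,
        ])->send();
    } catch (InvalidCreditCardException $e) {
        // The library rejected the card (bad checksum, expired) before anything was sent.
        return $safe + ['status' => 'rejected', 'detail' => $e->getMessage()];
    }
    if ($response->isRedirect()) {
        // Some gateways hand the customer to an off-site page to finish paying.
        return $safe + ['status' => 'redirect', 'detail' => 'customer must complete payment off-site'];
    }
    $safe['reference'] = $response->getTransactionReference();
    $status = $response->isSuccessful() ? 'authorised' : 'declined';
    return $safe + ['status' => $status, 'detail' => $response->getMessage()];
}

// Constructed test cards: the Dummy gateway authorises numbers ending in an
// even digit and declines odd ones; the third fails the checksum.
$expiry = ['expiryMonth' => '12', 'expiryYear' => (string) (date('Y') + 1), 'cvv' => '123'];
foreach (['4242424242424242', '4111111111111111', '4242424242424241'] as $number) {
    echo json_encode(charge('Dummy', ['number' => $number] + $expiry, '10.00')), PHP_EOL;
}
```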
There are many factors to consider when choosing a merchant account, and checkout integration is just one of them. If you would like more detailed information, please complete our web form and you will be contacted by several providers with quotations tailored to your individual business requirements.