Choosing a Payment Gateway

September 16, 2010

In my forthcoming “Effortless E-Commerce with PHP and MySQL” book (which is pretty much my only focus these days), I wanted to use two different payment systems. This was part of my overall approach of trying to present as big of a picture as possible as to what “e-commerce” is. For the book’s first example, I wanted to use PayPal. Many developers don’t like PayPal, but for customers, it’s the most recognizable name, and that’s critical when it comes to customers being comfortable spending money at a site. People traditionally think of PayPal as a system where the customer leaves the e-commerce site, goes to PayPal’s site, and hopefully returns to the original e-commerce site after making the purchase. This is formally called PayPal’s Website Payments Standard, and is demonstrated in my book. In that example, I make use of PayPal’s IPN (Instant Payment Notification) system, so that the site is notified as soon as the payment is made, whether or not the customer actually returns to the e-commerce site immediately thereafter. Tapping into IPN makes the use of PayPal more professional and reliable for the site itself.

For the second example in the site, I wanted to use a true payment gateway: a system that can be integrated into a site so that the customer never leaves. A secondary, but big, benefit of a payment gateway is that the funds get transferred to the site’s merchant bank account, instead of to a PayPal account. (To be clear, PayPal’s Website Payments Pro works as a payment gateway that can be integrated into a site, but I believe the funds still go into one’s PayPal account.) I’ve used several different gateways over the years, but rarely made the selection myself (normally it’s the client making the choice, based upon their merchant bank account). So I spent some time researching payment gateways to find the one that would be best for the book. Many readers also provided their recommendations (thanks!). Here’s how that search went for me…

Authorize.net is one of the largest payment gateways, so it’s one of the first that I considered. I quickly ruled Authorize.net out, though, as another e-commerce with PHP and MySQL book uses both PayPal and Authorize.net for its examples (plus DataCash), and I wanted to distinguish my book from that one.

VeriSign was highly recommended to me, and VeriSign is the same company that’s one of the leaders in SSL and site security, so it has a good brand. But it turns out that VeriSign’s payment system was bought by PayPal (which became PayPal’s Website Payments Pro), so that was out. I then turned my attention to LinkPoint. LinkPoint was bought out by First Data, and is now called the First Data Global Gateway. I spent quite a bit of time working with this system in the hopes of using it in the book. The First Data Global Gateway has a number of great features, including all the basics plus tax and shipping calculators, advanced fraud protection, and so forth. On the other hand, the form for signing up for a test account is so simplistic it’s troubling and the documentation isn’t well organized. In fact, I did all the reading I could to distinguish between using the Global Gateway’s Web Services API and its Application API and couldn’t for the life of me see the difference. A phone call to their support team cleared the matter up, and it is nice to find that you can get a quick answer to questions from them. Another concern was that all their PHP code examples were copyright 2003. A few things have changed since then…

The problem with First Data Global Gateway is that it’s pretty complicated to set up. You need to install a certificate on your computer in order to access the WSDL file on the Global Gateway system. Then you need to install several pieces of information on the server, to be used for communications. These requirements provide a high level of security, yes, but they’re too complex for the book. Back to the drawing board…

I did some more research, trying to find a good match. Elavon is well regarded, but as with many gateways, it’s hard to figure out what you need among the options. And, stunningly, one of the links on their site to learn more about their system generates an error due to the questionable validity of the HTTPS connection. Not a good sign.

So, I decided to use Authorize.net. The fact of the matter is that just because another book also discusses Authorize.net isn’t a reason not to use it in mine. In fact, if Authorize.net is a good solution, and it is, it’d be inappropriate not to use it. At the end of this process, I’m happy with the decision I made. Authorize.net is easy to integrate, secure, quite usable, and has all the standard features. I hope you’ll like the results as well!