Working with Backend E-commerce Payments Online
Taking payments online is a process which has been around for over a decade. It's commonplace these days to order anything you'd like online with practically no hassle! Modern society takes these options for granted as the number of private e-commerce solutions has grown dramatically.
Security is always top priority in these cases, even more so than with a blog launch. Your database will hold personal client information, and a breach of it can be disastrous. Despite the many trials and tribulations, e-commerce systems fulfill their duty at the end of the day, not to mention bringing in a hefty cash crop.
Below I've gone into a few tips for dealing with backend e-commerce online. The many systems and tools available for webmasters make the task even easier. Ultimately it is your choice how to implement a payment system, yet the end result is always utmost customer satisfaction.
Payment Processing Companies
Companies which provide basic tools for processing payments will save you loads of time. These are often external third-party companies with which you can create an account and offer a checkout system through their servers. Most of the information and submission forms work on their end instead of within your website.
The downfall of PPCs comes with a surprising lack of customization. When you have other web applications processing payment information offsite it's easy to lose control of the process. For smaller businesses this would be a godsend, taking both stress and time off your average workday. For more advanced websites, however, you may find the generic look lackluster in aesthetics.
The second benefit of working with PPC systems means the money will be in your account almost instantly. With examples such as PayPal the client may simply link to their account and the money is instantly transferred! This isn't always the case however, as some companies require credit card validation and hold payments for 2-3 days at a time.
The Checkout Process
Under the many e-commerce CMS solutions you'll find breeds of different checkout systems. PHP developers have gone above and beyond to create the most stable and bug-free systems for webmasters to utilize. The uniform nature of a checkout system makes it easy to replicate and implement in different ways.
The brief outline below is a classic example of what to expect. For those web developers out there this may give you a stronger idea of how to construct a custom written system.
- Shopping Cart - This is the virtual basket which users carry with them from page to page. It holds all of their current order status and quantity intact, often without an account. A staple feature for any e-commerce system.
- Checkout - Here is where the customer either signs up for a new account or logs into an existing file. Your database will hold information such as shipping address, first and last name, gender, and e-mail address. The Interspire Shopping Cart provides a great example of an Ajax-based checkout process.
- Order Payment - The visitor is often given a chance to review their entire order at this stage. This includes quantity and pricing for single items and total net level. Ideally if the user has a PayPal or Google Checkout account this would make the payment process extremely simple.
- Confirmation - After the processing is completed the user should be re-directed back to your website. The API (Application Programming Interface) for many of these payment systems allows you to include a redirection URL. Here you can present the order confirmation ID again with the total price. If your system allows you may also e-mail the customer a copy of their confirmation info.
The larger portion of open source e-commerce systems will support PCI compliance. The Payment Card Industry Data Security Standard offers a host of rules which must be adhered to by merchant corporations. These specifically target transactions which result in credit and debit card payments.
Now these rules are not solely in place for Internet-based companies. All merchant stores must comply with these rules. "All merchants" does include all e-commerce solutions, thus most websites taking credit card information will be required to comply. The PCI DSS is very specific about terms for storing personal data and processing information.
Generally it's a better option to not store data locally and hand all transactions over to the banking system. This saves your database loads of space without needing to catalog personal client information. On a darker note, if your website or server were compromised, the possible damage and the amount of stolen information would be severely reduced.
To comply with PCI standards you must answer a few questions and fill out some forms about your business. Their website offers a brief walkthrough along with some Q&A for beginners. Regardless of your processing methods it may be a good idea to familiarize yourself with some of their regulations. However it is entirely possible to bypass the system with digital suppliers including PayPal, Google Checkout, or AlertPay.
API vs. External
The question ultimately comes down to choosing how your visitors will be working with payments. Acquiring money from each customer's purchase is a required step in the e-commerce system. It's how any great business will actually earn their money.
The two most generic choices are an all-in-one payment processor or an API integration. Allowing for payment through Google Checkout will generally redirect the client to a new page for information input. This offsite information is secure and only contacts Google, Inc. This means no customer information is shared with or stored in your site database.
Similarly there is the opportunity to combine external payments with onsite API integration. For developers out there I recommend looking into merchant accounts. Many popular websites offer them and you can even sell affiliate products through such companies as Amazon. If you are willing to handle client input I highly recommend researching a bit into proper database design for clean and elegant websites.
This not only keeps client records personal but it allows you to store many bits of secondary data. After a user successfully pays for their purchase through a 3rd party gateway you may transmit some POST data back to your website. This allows web developers to integrate customer information into their order and save details within the site database. You may then create systems such as site recommendations and Wish Lists.
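The return POST described above, and the redirect in the Confirmation step, reach a URL that anyone can call, so the handler has to authenticate the data before saving it against an order. The sketch below is an added example, not code from any gateway or from the original article; it assumes a hypothetical gateway that signs the callback fields with HMAC-SHA256 under a shared secret, and the field names, secret and order data are constructed.

```python
import hashlib
import hmac
import json
from decimal import Decimal, InvalidOperation

# Assumption: the gateway signs the callback fields with HMAC-SHA256 using a
# secret shared with the merchant. Secret and field names are hypothetical.
SHARED_SECRET = b"constructed-demo-secret"

# Constructed stand-ins for the site's order table and processed-payment log.
ORDERS = {"1001": {"total": Decimal("49.90"), "currency": "USD", "status": "pending"}}
SEEN_TRANSACTIONS = set()


def sign(fields, secret=SHARED_SECRET):
    """Hex HMAC-SHA256 over an unambiguous, key-sorted JSON encoding."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def handle_callback(post):
    """Decide whether one callback POST (parsed into a dict) marks an order paid."""
    fields = {k: v for k, v in post.items() if k != "signature"}
    claimed = str(post.get("signature", "")).encode()
    # Constant-time comparison; anyone can POST to a public callback URL.
    if not hmac.compare_digest(sign(fields).encode(), claimed):
        return False, "bad signature"
    order = ORDERS.get(fields.get("order_id"))
    if order is None or order["status"] != "pending":
        return False, "no pending order"
    txn_id = fields.get("txn_id")
    if not txn_id or txn_id in SEEN_TRANSACTIONS:
        return False, "missing or replayed transaction"
    try:
        amount = Decimal(str(fields.get("amount")))
    except InvalidOperation:
        return False, "bad amount"
    # Compare against the total stored at checkout, not a value from the POST.
    if amount != order["total"] or fields.get("currency") != order["currency"]:
        return False, "amount mismatch"
    SEEN_TRANSACTIONS.add(txn_id)
    order["status"] = "paid"
    return True, "paid"
```

Real gateways document their own verification scheme; the checks that carry over are the authenticity check, the comparison against the locally stored total, and the replay guard.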
Implement Secure Connections
SSL is the protocol commonly used to encrypt data travelling between your visitors' browsers and your server. Information such as credit card numbers and order ID numbers should always be kept top-secret. 256-bit encryption is the most secure of them all, which is highly recommended if you're running a custom e-commerce solution.
Systems such as Google Checkout often check against their own SSL certificates. This saves you a lot of money in the long run. It really is good practice to encrypt all pages in your site to properly hide visitor data from snooping hackers.
SSL certificates range in pricing from $30.00 on the low end up to well over $600.00 USD. It can get very expensive to protect your website, but you never know when it may save your business and customer privacy. I recommend looking into your profits to see how much security in your SSL certificates you can really afford.
A special certificate called a wildcard can be used in most circumstances. For the right price you can place an SSL lock on all sub-domains to your website and track visitor analytics. To get started implementing a secure system just review some of our guidelines and browse around Google for a trustworthy certificate provider.
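A wildcard name covers exactly one label to the left of the base domain, so it protects neither the bare domain nor deeper sub-domains. The check below is an added example, not part of the original article, and lists which of a site's hostnames a certificate's names would leave uncovered; the hostnames are constructed.

```python
def name_matches(pattern, hostname):
    """True if one certificate name (plain or wildcard) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for a single label, so label counts must be equal.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Only a whole left-most label may be a wildcard, and at least two
        # fixed labels must follow it (no "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "w*.example.com" are treated as literals here.
    return p_labels == h_labels


def uncovered(cert_names, site_hosts):
    """Hostnames from site_hosts that no name on the certificate covers."""
    return [h for h in site_hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed inventory of hostnames an online shop might serve.
SITE_HOSTS = [
    "example.com",
    "www.example.com",
    "checkout.example.com",
    "api.checkout.example.com",
]

if __name__ == "__main__":
    print(uncovered(["*.example.com"], SITE_HOSTS))
    print(uncovered(["*.example.com", "example.com"], SITE_HOSTS))
```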
This brief overview has explained the e-commerce backend system in a bit of detail. It's tough to figure out how to secure your new system or which framework would be the most affordable. Even many of the open source projects today offer amazing support. WP e-commerce is one of the best up-to-date and free plugins on the market for WordPress users.
Processing services through such famous names as PayPal immediately grants your website authority. Visitors know they can trust PayPal and their payment verification is done within a matter of seconds. The PayPal developer sandbox includes a large set of documentation if you'd like to jump right in. Similarly the Google Checkout API offers a host of resources and a community discussion forum.
If you know of any free e-commerce systems which boast a large number of security features, feel free to share links in the comments section below. With so many projects available it's difficult to wade through them all and pick a winner. Your customers will ultimately be looking for ease in usability, sleek layout design, and secure payment processing for their orders.