On 03/08/2011 09:59 AM, Bill Freeman wrote:
And I can't resist recommending solutions that don't require your to touch the credit card number. If you never had it, you can't be responsible for compromising it.
That is true. Most of the payment processors have some sort of hosted form solution for that. However, there are significant limitations in those hosted form solutions that may make them unsuitable in some situations. For instance, we ran into one such limitation recently on a project where the processor apparently doesn't provide any sort of "success" or "failure" notification for zero dollar transactions. Why would you want a zero dollar transaction you might be wondering? Our client was running a promotion where some initial period was free after which the normal recurring fees would kick in. Normally, there is an initial fee and recurring fees. Upon success or failure on the normal initial fee, we'd get a callback to a view function from the payment gateway which we'd need to complete the transaction. Completion of the transaction consists of listing the product and updating the user's dashboard with the transaction date and the expiry date for the listing. With the zero dollar transaction, we never got a callback due so we could do none of those things. We had to manually list the products and update the user's dashboard for the successful transactions in that scenario.
To avoid creating a situation in the future where there would have to be tedious and error-prone manual processing, we recommended to the client that they don't offer "free initial period" promotions but instead charge some nominal amount, even if it's one cent. "All listings one cent" doesn't have quite the same impact as "Free listings" even though for all intents and purposes, it's the same thing. We've discovered many other limitations like that, small and large, that really makes the case for API-level integration, in which case you'd have to go through a PCI compliance audit. By the way, we've been through it multiple times. For the most part, it's perfunctory.
-- Regards, Clifford Ilkay Dinamis 1419-3266 Yonge St. Toronto, ON Canada M4N 3P6 <http://dinamis.com> +1 416-410-3326 -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
