I use Braintree, and it's been great. -- dz
On Tue, Mar 8, 2011 at 4:40 PM, CLIFFORD ILKAY <clifford_il...@dinamis.com> wrote: > On 03/08/2011 09:59 AM, Bill Freeman wrote: >> >> And I can't resist recommending solutions that don't require your to touch >> the credit card number. If you never had it, you can't be responsible for >> compromising it. > > That is true. Most of the payment processors have some sort of hosted form > solution for that. However, there are significant limitations in those > hosted form solutions that may make them unsuitable in some situations. For > instance, we ran into one such limitation recently on a project where the > processor apparently doesn't provide any sort of "success" or "failure" > notification for zero dollar transactions. Why would you want a zero dollar > transaction you might be wondering? Our client was running a promotion where > some initial period was free after which the normal recurring fees would > kick in. Normally, there is an initial fee and recurring fees. Upon success > or failure on the normal initial fee, we'd get a callback to a view function > from the payment gateway which we'd need to complete the transaction. > Completion of the transaction consists of listing the product and updating > the user's dashboard with the transaction date and the expiry date for the > listing. With the zero dollar transaction, we never got a callback due so we > could do none of those things. We had to manually list the products and > update the user's dashboard for the successful transactions in that > scenario. > > To avoid creating a situation in the future where there would have to be > tedious and error-prone manual processing, we recommended to the client that > they don't offer "free initial period" promotions but instead charge some > nominal amount, even if it's one cent. "All listings one cent" doesn't have > quite the same impact as "Free listings" even though for all intents and > purposes, it's the same thing. We've discovered many other limitations like > that, small and large, that really makes the case for API-level integration, > in which case you'd have to go through a PCI compliance audit. By the way, > we've been through it multiple times. For the most part, it's perfunctory. > -- > Regards, > > Clifford Ilkay > Dinamis > 1419-3266 Yonge St. > Toronto, ON > Canada M4N 3P6 > > <http://dinamis.com> > +1 416-410-3326 > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
