how do i MAKE a payment gateway?
High Risk & Low Risk Merchat Services

how do i MAKE a payment gateway?

Question by TheHermit: how do i MAKE a payment gateway?
okay don’t be so quick to judge.. i understand its not easy and its gonna take a LOT of work.. but it seems like the internet doesnt want me to know the answer to that! i could find NO sources for this.. ok lemme split this questions into sub-questions so its easier to answer (..?)
* is there any reading material for this?
* how much investment are we talking here?
* is there a proper tutorial that gives any pointers?
* on a scale of one to ten how retarded do u think this question is.. as in how hard is this gonna be for a good PHP programmer (me)

thanks in advance!
and we could do without the wisecracks thank u!

Best answer:

Answer by Shedy G
if you that stupid why ask its a10

Know better? Leave your own answer in the comments!

Comment (4)

  • If you are a good php programmer then you would already know about the security issues involved. You would need to be expert in your DBMS as well be it MySQL or Microsoft SQL or any of the others. Overall it is actually a lot easier to just get a merchant account and use their gateway for the actual transactions.

    If you do a little research on things like osCommerce you will find that you can put up an online store in a matter of minutes and then plug in your merchant account and shipping info and you are good to go. Many of the merchant accounts out there offer a full API interface so you can store the customers credit card info and history in your own database and just feed them the info as you need to charge the customers for service or merchandise. This is great n the case of back ordered merchandise.

    Building your own gateway will probably take you several months if not years to write and get approved by the banking and financial world.

    if you are really looking to learn how to do it I would suggest taking a look at books and references involving transaction servers I saw a pretty good one yesterday.

    http://www.mysql.com/news-and-events/on-demand-webinars/solid-20070517.php

  • stymiee73 - April 9, 2014

    This isn’t a project you would write with PHP. You would need to use a higher level language such as C or C++. Something compiled that will be much faster and more robust then PHP. You can power your web based front end with PHP (i.e. user control panel) but the backend stuff, including payment processing, will need to be in the higher level language. You’ll also need an enterprise level database as open source databases could never handle a task like this. Basically you’re looking at using an Oracle database which is expensive but also designed for this sort of thing.

    There are no tutorials for this because this is a complex job. It’s about as complex as a project can get. That’s why you can’t find any documentation on it.

    Your first major issue will be PCI DSS compliance. This is the security practices dictated by the major credit card companies (Visa, MasterCard, Amex, Discover Card, JCB). It dictates how you will secure your data in terms of hardware, software, and practice. It is expensive to do and maintain. You will need to hire a company to certify your compliance on a regularly scheduled basis. Failing your certification can mean you get shut down.

    Your second major issue will be getting certified by the processing networks. To be a successful payment gateway you must be certified on every processing platform and there are at least 16 of them that I can think of off of the top of my head. Being certified takes about two months for each. You can do them simultaneously but you would be looking at at least a year to be certified on all of them. And each one has a different API so you will need to code your payment gateway to work with all of them.

    Your third major issue will be the data you store. Not only do you have the PCI DSS issues to deal with, but you will need to capture and store every transaction that runs through your system for years. That kind of data will require tons of storage space (that will also need to be secured).

    Your fourth major issue will be processing volume. A gateway must be able to perform transactions in a second or less. This means your hardware solutions must be able to scale for heavy traffic especially over the holiday season. It will need to be able to handle hundreds of transactions per second (thousands if you become successful). That is a big reason why you’ll need to use a higher level language over PHP.

    Your fifth major issue is that you will need to create a powerful yet easy to use API for web developers to use to connect to your payment gateway. They need to be able to do everything a credit card terminal can do through code. Documenting that should be fun! 😉

    Minor issues include:

    – Making sure you are ECI compliant (Electronic Commerce Indicator is required for all Internet transactions)

    – Securing all data transfer (SSL)

    – Offering a user control panel

    If you want to be successful you will also need to have the following in place:

    – Anti-fraud tools

    – Have a reseller program in place

    My estimations would say it would take 2 – 3 years to build your own payment gateway and get it up and running. That includes being PCI DSS certified, certified on every major processing platform, and to create your API. Costs would be around $ 250,000 as the developers you would need to write that kind of code will not be cheap plus you will have large infrastructure costs (hardware and software) just to run everything.

    Now you can see why nobody new enters this market.

  • My ex boss was kind of chasing the same ambitions that you are, however he had the monetary resources to realise his ambitions.

    I was involved in the project from day one so I kind of have an idea. Due to some constraints I cannot be specific however what I can do is point you to the right direction.

    1. Start by hiring consultants. Technology, Management and Finance. Likes of BCG, Accenture etc (www.bcg.com, http://www.accenture.com)

    2. Recruit a high end CTO who has past performance with Paypal etc. Use top notch head hunters. http://www.Heidrick.com, http://www.SpencerStuart.com

    3. By now you would’ve forged relationships with technology partners, consultants for compliances, management, financial and other issues and also have the executive management to plan out the roadmap.

    4. Develop your software. Developing it would cost you a fortune even if you hire in-house developers, so it’s best you outsource the development closely monitored by the CTO and in house Project Manager. Hiring to Pakistan is your best option. Some good outsourcing companies would be Netsol, MI Dynamics, Folio3 (http://www.netsolpk.com, http://www.midgr.com, http://www.folio3.com). Stay away from Indian outsourcing companies. They are horrible. Outsourcing to Eastern European countries and South American countries is also a good idea but there’s going to be ginormous language barrier. Pakistanis speak fluent English.

    5. Now comes the hardest part. Marketing! This is where your marketing team comes in so if you have the dough you got to hire the best.

    Tried to sum up the venture in 5 points so good luck.

    Send me my consultancy fees if you make it there 😉

  • Jesus M - April 9, 2014

    Use paypal shopping cart rather.