
I'm about to work with a bank to set up a self-hosted payment form. Their requirements and documentation make sense so far.

On my end of the database I don't record sensitive data such as credit card details.

Question:

I have created a field in my users table called paid, which will contain either a 1 or a 0.

Should that be enough for the bank?

I'm assuming it's like PayPal, where you can put a link inside to run after payment is approved. My script would simply update the - paid - field with a 1 if the payment was a success. Else, if the payment was not a success, it would update with zero and send an email to staff and user, etc.

Is that the simplicity of it or am I missing something?

durron597
jonnypixel
  • I don't know about the bank, but I would want to have some indication that an attempt was made to get paid, whether it was successful or not, and if not what the error/status message was. – ahillman3 Dec 15 '11 at 02:59
  • Unless you sell one product at one price, it would also be a good idea to log how much the user paid and for what product, and at what date. – Allen Z. Dec 15 '11 at 03:07
  • Yes, that would be the return link that runs my script. – jonnypixel Dec 15 '11 at 03:11
  • Oh yes, I would log everything except CC details. I think jmacinnes also helped by pointing out refunds, etc. – jonnypixel Dec 15 '11 at 03:12

1 Answer

This isn't really an answer, since there wasn't a specific question, but my two cents...

Your solution is likely overly simplistic. Consider the following:

  1. Is this a subscription product, a physical, delivered product, or something else entirely? Requirements will be different depending on which. That you have the "paid" flag on your users table leads me to believe that it is a subscription. If so, it is likely misnamed. Instead of "paid", you likely want a flag for "currently subscribed", since the user will actually pay multiple times.

  2. What's the policy for refunds, chargebacks, or partial credits?

  3. Does it matter how the user paid or when the user paid?

jmacinnes
  • Yes, thank you for your feedback. The service is simple. They pay once their service expires in a year by simply changing 1 back to 0. – jonnypixel Dec 15 '11 at 03:10
  • I have actually taken on your advice and since confirmed those issues with the bank. The way that I will set it up is by collecting some data, then after 365 days I will unpublish their web listing. They will then get an email where they can log in to their account and make a new payment. Refunds will be handled by the client logging into their merchant account and issuing it there with the click of a button. It is always one payment for one year, then it expires; I will use a simple cron script to check that. Have I missed anything else? – jonnypixel Dec 15 '11 at 04:28
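The points raised in this thread (log every attempt with its status message, record amount, product and date, account for refunds, expire after 365 days) can be sketched as a payments table that replaces the single paid flag. This is an added example, not code from the original posts; the table, column and function names are hypothetical, and SQLite stands in for whatever database the site uses.

```python
import sqlite3
from datetime import timedelta

# Hypothetical schema: one row per payment attempt, never any card data.
SCHEMA = """
CREATE TABLE payments (
    id              INTEGER PRIMARY KEY,
    user_id         INTEGER NOT NULL,
    product         TEXT    NOT NULL,
    amount_cents    INTEGER NOT NULL,
    status          TEXT    NOT NULL
                    CHECK (status IN ('approved', 'declined', 'refunded')),
    gateway_message TEXT,              -- error/status text for this attempt
    created_at      TEXT    NOT NULL   -- ISO 8601 timestamp
)
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def record_attempt(db, user_id, product, amount_cents, status, message, when):
    """Log every attempt, successful or not, and return its row id."""
    cur = db.execute(
        "INSERT INTO payments (user_id, product, amount_cents, status,"
        " gateway_message, created_at) VALUES (?, ?, ?, ?, ?, ?)",
        (user_id, product, amount_cents, status, message, when.isoformat()),
    )
    db.commit()
    return cur.lastrowid

def mark_refunded(db, payment_id):
    """Flip an approved payment to refunded; the row itself is kept."""
    db.execute("UPDATE payments SET status = 'refunded' WHERE id = ?",
               (payment_id,))
    db.commit()

def is_listing_active(db, user_id, now, term_days=365):
    """What the cron job would ask: any unrefunded payment inside the term?"""
    cutoff = (now - timedelta(days=term_days)).isoformat()
    row = db.execute(
        "SELECT 1 FROM payments WHERE user_id = ? AND status = 'approved'"
        " AND created_at > ? LIMIT 1",
        (user_id, cutoff),
    ).fetchone()
    return row is not None
```

Deriving the listing state from the payment rows means a declined attempt, a refund and an expired term all leave a record that staff can audit later.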