Fwd: SPUG: online cc software or mechanism?

James Munger jmunger1 at yahoo.com
Sat Aug 26 00:44:56 CDT 2000

> Can anyone suggest software/services for credit card varification
> that will run work smoothly with Perl/Linux? 

At my last job, I made the first version of our billing system.
I spent the first few weeks researching third-party companies
that do this sort of thing (this was spring of '99).

The industry leader is CyberCash, but I found them to be
slow to respond to questions, and their code interface was
very kludgy.  Instead, I went with authorize.net, which
was faster, had relatively simple means of communicating
with their tools, and had better customer service.

> I have several merchants with website catalogs who already have
> merchant credit card accounts. They would like to speed up the
> process. Presently we ship the web orders to them via email and
> they call in the credit card for approval after the fact.

If they want to speed it up from this, then you need to either
keep their information on site, or have them submit it each
time through a web interface.  The latter is probably more
safe (see below), but doesn't save as much time.

> My take on how it would work is that our order scripts would send
> the vital information about the card to a service that chases down
> the cardholder's data and returns the results. Does this require
> software, or can it be done by mail?

It's done by web interface.

The lowdown is thus, if using authorize.net:

- Version A (information not yet available)
  - User submits cc information via your web page (SSL).
    This includes "name on the card" and zip code.  These
    are the only two pieces of information (besides cc#
    and expiration) really needed to verify a valid holder
    of that card, if I remember correctly.
  - The form that gets this information goes to a script
    that sends this information to the site.  In my case, I
    used LWP to connect to their "input cc order by hand"
    web page, which returns another page that you scrape
    back with LWP and hopefully has "Authorization Accepted"
    (or something, I forget) on it.  Otherwise there's an
    error message you can parse out for the user.
  - One it's accepted, you do what you do with the order,
    knowing you'll get your money.

- Version B (information on site, automated)
  - If your users have their own identifier (e-mail,
    whatever), then you can save their information
    on site, and bring it up and the submit page when
    they get to that part.  If you want to do this,
    though, you'll still have to have them go through
    step A the first time through, of course.

Whether or not you want to keep the clients' information
digitally is a whole other issue, involving lots of
security questions.  As I'm a programmer, and not a
systems person, and the system I worked on never made
it into production (don't ask), I can't help much with
this part (yeah, I'm copping out here).

The transaction works like this:

You submit the information, and it's accepted.  However,
you don't have your money right away.  It goes into a
large batch of transactions for the company (authorize.net
in this case) to submit to banks at the end of the day.
When the actual transactions are done, the money all goes
into an account you've set up at some other bank.  From
this same account, authorize.net takes its cut once a

The cost for authorize.net was $15 a month and $.35
per transaction.


You can submit batches of comma-delimited (or was it
tabs?) to a different page.  This is useful for subscriptions
and other recurrent charges.

Also, it takes checks.  Submit the routing number, account
number, and bank name, and you can deduct right from the
user's checking account.  Same cost, I think.

> Would love to see a presentation at a user-group meeting about
> setting this up.

(I feel like I should be charging billable hours :)

Unfortunately, I wouldn't feel up to snuff enough to
go through a full presentation on this, as I haven't
touched it in just over a year.  I can feel "the little
things" trying to resurface as I type this.

I know there are some other such clearing houses out
there, maybe on Yahoo! or some of the other big names
(which probably bought or partnered for the technology,
but I digress).

James Munger
IS, Cobalt Group

Disclaimer:  I am not affiliated with authorize.net or anyone else
  in its market.

Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
      Subscriptions; Email to majordomo at pm.org:  ACTION  LIST  EMAIL
  Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
 For full traffic, use spug-list for LIST ; otherwise use spug-list-digest
  Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/

More information about the spug-list mailing list