How do scripts communicate with banks? - web-services

What options exist to facilitate payments to banks or credit card companies? Are there programmatic APIs for banks that, say, perform the same actions as paypal might? I'm looking for libraries or options that aren't through an existing provider; that could be developed on their own.
Basically, lately I've become interested in ecommerce and I'm wondering how the communication between a website and a bank or credit card company is made.
I've looked around a bit, but I'm not really sure about the terminology in the field; any resources you could point me at, or good books about the subject would be awesome. Thanks!

You get a merchant account with a bank, then sign up with a merchant processor like Cybersource or Litle. The merchant processor provides an webservice API to process authorizations, payments, credits, and voids. You implement the processor's API and then you can do online payments. They act as a go-between for you and the credit card company. You're not likely going to get permission to communicate directly with the credit card's network.
Maybe use this link as a starting point. This is cybersource's API documentation.

Related

Problem setting up Google Maps API Billing Acount

I hope you are all very well. I'm developing a web platform for an assignment and I need to use the Maps JavaScript API. As you know, you are required to provide a credit card number to set up your billing account, unfortunately I'm from Venezuela and credit cards are not something that you can see every day, first I tried using a false credit card number, it didn't work, then I managed to find someone who had a credit card, but it seems like the credit limits in my country are not even high enough for Google to test that the credit card actually works. I've tried sending requests to the API but all of them have been rejected and I haven't been able to find any ways around this problem. It's very embarrassing to ask for this, but if someone could provide me with an API key that works, I'd very more than grateful, I can pay for using the API Key, my only problem is that I don't count with a credit card (I could pay with cryptocurrencies if that were an option), and even if I had a credit card, my country is not included in the list of countries that can be chosen when creating a new billing account. Thanks in advance, it's a very important assignment and I really need some help.
I believe that you can use a PayPal account. For Google Cloud you can prepay an account, maybe you can do the same with Google Maps.
A shared API key will probably get blocked quickly by Google, so do not try to go that route.
Another idea is to join a local Google Developer Group, someone might be able to help you. Also, sometimes developer/educational credits are available. This is worth your time and can help you with contacts as you develop your skills.
Google Developer Groups
Link to the Caracas GDG

PCI-DSS Compliance Using Checklist A

Our current setup.
We fully outsource our card processing service to a PCI compliant vendor. The way customers enter their card information is from a web page iframe delivered directly to their browser from the 3rd party vendor.
Our understanding this gives us the green light to use Checklist A because we do not control the page and card data never touches our company network.
My question:
We also have a billing application (on our network) that also has an embedded browser to which a credit card entry page is loaded from the 3rd party (iframe). We use this in case a customer calls us to update their card info.
Our accounting department types the updated card number into the web page (delivered from the 3rd party) and posts the update.
Does this process now exclude us from using checklist A?
Many thanks for responses.
Regards,
Bryan
When your agents key in a customers details they are classified as using a Virtual Terminal:
A virtual payment terminal is web-browser-based access to an acquirer,
processor or third party service provider website to authorize payment
card transactions, where the merchant manually enters payment card
data via a securely connected web browser.
SAQ A is likely not applicable, there is a specialised SAQ that covers this: SAQ C-VT which is for:
Merchants with Web-Based Virtual Payment Terminals—No Electronic
Cardholder Data Storage
This is something you should ask your service provider or a QSA to clarify/help with.
I'd be careful about using SAQ-A as it only applies if:
Your company has no direct control of the manner in which cardholder data is captured, processed, transmitted, or stored;
And, you most certainly can't use SAQ-C-VT as it only applies if:
Your company’s only payment processing is via a virtual payment terminal accessed by an Internet connected web browser;
Consequently, if I were in your shoes, I'd be using SAQ-C. SAQ-C sucks though, so if I were in your shoes, I'd be even more tempted to implement a user login/credit card update form so that customers can update their own credit card numbers, keep your accountants entirely out of the loop, and let you stay at an SAQ-A!!

Searching for a live stock trade web service

I'm searching for a reliable trading company which exposes a web service for live trade.
Basically I'm interested in:
opening an account (you know, minimum everything for a start - minimum account value
for opening, minimum commissions, etc.) and getting credentials.
Through the web service, provide my credentials and connecting to the server.
Through the web service executing trade operations (mainly buy/sell level 1 stocks under
NASDAQ/NYSE).
Does anyone familiar with such a service and can recommend it?
Cheers
There are a bunch of online brokers that meet the criteria you shared in your comment. An example of a widely used API by retail traders is Interactive Brokers. You can also take a look at Trading Technologies which is more sophisticated in my opinion and have better support. Then there is also TD AmeriTrade. You can also use standard market protocols like FIX to write an execution connector through a FIX Engine. Many brokers support FIX, an example is Goldman Sach's electronic trading platform.
Secondly, from your comment it seems like you are sort of in the testing phase. I encourage you to take a look at some retail trading platforms that are not brokers perse, but allow you to connect to multiple brokers and data feeds. Take a look at NinjaTrader, OpenQuant to name a couple.

Are there any web services or other APIs that let you purchase something without having to set up an account first?

I am trying to prototype a system that will display a list of choices to a user, and allow them to place an order for the one they select (an over simplification of the prototype, but sufficient to get to the point). I have the users credit card number, billing and shipping addresses, and other contact information, but I can't find any web services that will let me actually purchase something with this information to complete the prototype. I have checked directories such as Programmable Web and Xmethods, but they just seem to point to APIs that let you check for prices and availability, but not actually place an order. Does such a thing exist, or is there some reason (such as security) that I am missing, that prevents such a service from being offered?
The most important thing about online shopping is the security of transmitted information (e.g. credit card data). So the ideal case is to transmit these information directly to the related bank's (issuer of the credit card) payment services, rather than passing it via other service providers. This is what 3-D Secure does.
So when you use a common API this means putting an extra broker between, and passing the secure information to this party which increases vulnerability. Since such a broker cannot use 3-D secure (since it is not the merchant so not possible to make an agreement with the banks) and it should pass the information to online shopping site.
Moreover, an online shoping site can block traffic coming from such an intermediary webservice at any time if you do not make an obligatory agreement and making agreements for each online merchant is practically not very possible.
There is no such free API available the simple reason behind that information like credit card is very secure and confidential and there will security threat on free API's.
here is list of best 10 online payment system
http://sixrevisions.com/tools/online-payment-systems/
and this one who providing live demo
http://www.fastcharge.com/
I think it is possible though I don't know in depth information. I think this is what you see. In next steps you will be redirected to payment gateway of the bank and then you can complete the transactions just by answering some security questions. I think this is a service you should obtain from the bank. And I haven't seen any universal API that can perform the task you have mentioned.
Dialog GSM - Sri Lanka
Anything.lk - Sri Lanka

Membership and event API? Or should I do it myself?

I've been tasked with setting up a society's website. I'm a full time Django (at al) web developer so I was happy to take on the task.
Going through the specs, they want to control memberships so that all applications need a "second" (read: sponsor, referee, etc) and then they need to pay a subscription fee to be part of the club.
This club has a number of events with variable ticket prices for lunches and talks to name two. Only members are allowed to see the price per ticket and therefore only members are allowed to buy the tickets.
I had originally planned on farming the event management off to EventBrite and pulling the upcoming events back to the website through EB's API but this members-only constraint looks like something EventBrite can't do.
Then there's processing members subscriptions. I had hoped to allow anybody to register a django.contrib.auth account but leave subscription payment offline but the client would be happier if they could mark accounts as "members", store the subscription data in the database and let the members pay online.
Like with EventBrite, I was hoping I could store rough membership data (whether or not they're allowed to subscribe, a unique token for the user on the API service, their level of membership and their membership's expiry) and there'd be something I could post users off to to process their subscription payment.
I basically don't want to touch any payment systems. Even something as simple as Paypal+IPN is something I'd rather not do (I can and have in the past on other projects) but it's the layer of management that I'd have to build around it (messaging members, creating recurring events, etc) that I'd like to farm out to a third party... Even if they do want an additional percent of the payments processed.
Do any of you know any suitable APIs that cover membership or events or both?
Or is this so complex that I should give up hoping for external help and just knuckle down and do it myself?
I think the google search you are looking for is online membership management. I don't know if any of them play particularly nicely with Django/python, but some of them do include APIs. Almost all of these are companies that charge, either for the system, or on a per-user basis.
If you don't mind installing something yourself, CiviCRM is a free, open source solution that I found with a bit of googling. It's integrates with either Joomla or Drupal (so probably PHP-based). You'd have to put the payment processing in yourself, but it does support payments using PayPal which would take handling payments mostly out of the equation. If you can, choose PayPal Express rather than PayPal Website Payments Pro since you may need to be PCI-DSS compliant to use the latter.