Credit card payments de-mystified
It can be confusing and mysterious, so exactly what's needed to collect credit card payments on your web site?
1. Cart Application/Client: your web site's shopping cart (i.e. VirtueMart, ZenCart, Wordpress Shopp or hosted solutions, like BigCommerce).
2. Payment Module: an application running in your site's shopping cart that interfaces with a Payment Gateway (sometimes using the same name as the Payment Module).
3. Payment Gateway: a vendor service that accepts credit card payments from your web site for processing (i.e. Authorize.net, PayJunction, IPayment, PayPal).
4. CC Processor: a step that the web site doesn't have any communication with. It's a step between the Payment Gateway and the Merchant Services Provider.
5. Merchant Services Provider: a vendor who handles the actual monetary transaction of getting your customer's money to you (i.e. Chase Paymentech).
6. Secure Hosting Account (https): a hosting service with a Secure Socket Layer (SSL), encrypting data transmissions between your web site's shopping cart (server-side) and your customer's computer (client-side).
7. SSL Certificate: a digital "signature" record, specific to your web site, installed on your hosting account. The certificate authenticates you as the entity you claim to be. SSL certificates are issued by third-party Certificate Authorities (i.e. Verisign, Comodo) after validating your signed application (sometimes called a Certificate Request Form) and Certificate Signing Request (CSR).
8. Certificate Signing Request (CSR): an encrypted digital file used by Certificate Authorities to issue a Secure Certificate. Typically, CSRs can be generated by you via a web form in your hosting account's "control panel." The form asks for things like your organization's name, address and web site domain. Once validated, your Certificate Authority will issue the corresponding Secure Certificate, which must be installed on the web host of your site's secure pages.