I’m developing a website in Ruby on Rails to sell valuable goods. We need to have a very secure payment system in order for people to purchase stuff online.
Companies like PayPal seem to take a big commission, so we are wondering how sites like 99 designs or ugallery handle payments?
I’m a programmer, but until a year or so ago, I was entirely coding in C++. Two months back, I switched to Rails and I have a little bit of experience in that, but I want to know what the best way is to tackle this problem. Obviously, I want to make sure that my customers know our system is fully secure, but I have zero experience in developing commercial websites like this.
What pitfalls should we be aware of? Any examples I can look at? Are there Rails gems that we can leverage to set this up? How do we go about getting our site verified by McAfee/Verisign/whatever (and is this necessary?)?
The best and easiest way to have a secure payment system is to have as little to do with it as possible. I’ve heard good things about Braintree Payments — especially about their client libraries. (Though Square definitely has the “buzz” these days as the new hip and cool payment processing vendor.)
Whoever does your purchase processing will take a cut. It’s part of the convenience of not counting $100 bills and checking each one with test-pens and loupes to ensure you’re not being taken.
I giggle every time I see a “Verified by McAfee” or “Verified by Verisign” logo on a web site. I don’t know what they actually do to “earn” that badge, but in my mind I imagine it mostly starts and stops with a payment of $$$ and periodically checking that the site’s SSL certificate hasn’t expired. I can’t imagine that they actually have a team of hackers looking for weaknesses in websites constantly and they absolutely cannot provide any assurances that the site hasn’t been hacked — unless they also provide hosting. Maybe ask your payment processor if their clients have noticed any sales increase / decrease with the little logos or if there is any actual value to these products. I doubt it, but perhaps someone else has hard numbers.
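A concrete way to act on "have as little to do with it as possible" is to make sure raw card data never reaches your Rails app at all: the browser hands the card to the processor's hosted or client-side form, and your server only ever sees an opaque single-use token. The Ruby below is an added example, not code from the answer above and not Braintree's or Square's SDK; the field name `payment_token` and the `PaymentIntake` module are assumptions made for illustration. It validates an incoming checkout body (rejecting anything that carries a card number or CVV, even in a free-text field), and it scrubs Luhn-valid digit runs from log lines so a stray PAN does not end up in your logs.

```ruby
# Added example (not from the original post). Assumed design: the payment form
# tokenizes the card with the processor's client-side library, and the merchant
# server receives only `payment_token` (the name is an assumption, not any
# vendor's API). Raw card fields are refused, and card numbers found anywhere in
# the request or in log output are detected with a Luhn check.
require 'json'

module PaymentIntake
  # Fields a merchant server should never accept directly.
  FORBIDDEN_KEYS = %w[card_number number cvv cvc expiry exp_month exp_year].freeze

  # Luhn check: true for a string of 13-19 digits with a valid check digit.
  def self.luhn_valid?(digits)
    return false unless digits.match?(/\A\d{13,19}\z/)

    sum = 0
    digits.reverse.each_char.with_index do |ch, i|
      d = ch.to_i
      if i.odd?           # every second digit from the right is doubled
        d *= 2
        d -= 9 if d > 9
      end
      sum += d
    end
    (sum % 10).zero?
  end

  # Recursively scan a string, hash or array for digit runs that pass Luhn.
  # Spaces and hyphens are stripped first so "4111 1111 1111 1111" is caught.
  def self.contains_pan?(value)
    case value
    when Hash  then value.values.any? { |v| contains_pan?(v) }
    when Array then value.any? { |v| contains_pan?(v) }
    when String
      value.gsub(/[\s-]/, '').scan(/\d{13,19}/).any? { |run| luhn_valid?(run) }
    else false
    end
  end

  # Validate a checkout request body (string or symbol keys).
  # Returns [:ok, token] or [:reject, reason].
  def self.validate(params)
    keys = params.keys.map(&:to_s)
    bad = keys & FORBIDDEN_KEYS
    return [:reject, "raw card field(s) submitted: #{bad.join(', ')}"] unless bad.empty?
    return [:reject, 'card number detected in request'] if contains_pan?(params)

    token = params['payment_token'] || params[:payment_token]
    return [:reject, 'missing payment_token'] if token.nil? || token.to_s.strip.empty?

    [:ok, token.to_s]
  end

  # Mask Luhn-valid digit runs in a log line, keeping only the last four digits.
  # Digit runs that fail Luhn (order ids, timestamps) are left untouched.
  def self.scrub_log(line)
    line.gsub(/(?:\d[ -]?){12,18}\d/) do |m|
      digits = m.gsub(/[\s-]/, '')
      luhn_valid?(digits) ? ('*' * (digits.length - 4)) + digits[-4..] : m
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests, as a client-side tokenizing form would post them.
  good = { 'payment_token' => 'tok_abc123', 'amount_cents' => 12_000 }
  bad  = { 'card_number' => '4111111111111111', 'cvv' => '123', 'amount_cents' => 12_000 }
  puts PaymentIntake.validate(good).inspect
  puts PaymentIntake.validate(bad).inspect
  puts PaymentIntake.scrub_log('POST /checkout card=4111-1111-1111-1111 ok')
end
```

The point of the second half is that the token is the only card-related value that should ever appear in your parameters, database or logs; if the detector ever fires on production traffic, something in the form or an integration is bypassing the processor's tokenization. Keeping card numbers off your own servers is also what keeps the merchant's PCI DSS obligations at the light end of the scale, which is the real reason the processor's cut buys more than just convenience.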