I'm developing a website in Ruby on Rails to sell valuable goods. We need to have a very secure payment system in order for people to purchase stuff online.
Companies like PayPal seem to take a big commission, so we are wondering how sites like 99 designs or ugallery handle payments?
I'm a programmer, but until a year or so ago, I was entirely coding in C++. 2 months back, I switched to Rails and I have a little bit of experience in that, but I want to know what the best way is to tackle this problem. Obviously, I want to make sure that my customers know our system is fully secure, but I have 0 experience in developing commercial websites like this.
What pitfalls should we be aware of? Any examples I can look at? Are there Rails gems that we can leverage to set this up? How do we go about getting our site verified by a McAfee/Verisign/whatever (and is this necessary?)
The best and easiest way to have a secure payment system is to have as little to do with it as possible. I've heard good things about Braintree Payments -- especially about their client libraries. (Though Square definitely has the "buzz" these days as the new hip and cool payment processing vendor.)
Whoever does your purchase processing will take a cut. It's part of the convenience of not counting $100 bills and checking each one with test-pens and loupes to ensure you're not being taken.
I giggle every time I see a "Verified by McAfee" or "Verified by Verisign" logo on a web site. I don't know what they actually do to "earn" that badge, but in my mind I imagine it mostly starts and stops with a payment of $$$ and periodically checking that the site's SSL certificate hasn't expired. I can't imagine that they actually have a team of hackers looking for weaknesses in websites constantly and they absolutely cannot provide any assurances that the site hasn't been hacked -- unless they also provide hosting. Maybe ask your payment processor if their clients have noticed any sales increase / decrease with the little logos or if there is any actual value to these products. I doubt it, but perhaps someone else has hard numbers.
It depends on what your goals are:
Stripe is great if you're looking for super easy less than an hour to setup type system. They have comparable or lower rates than you'll find else where at 2.9% + $0.30. What you'll find is other places do the same base rate, but they have monthly fees or other fees you'll have to pay. Stripe doesn't have any of these fees.
If you're looking to not get killed per transaction checkout Dwolla. They only charge .25 per transaction. The people paying on your site will need to register for a Dwolla account, but it's pretty easy to do and as it becomes more common more and more folks will have one.
