Wordress payment gateway

Previsha

New Member
Joined
Jan 17, 2022
Messages
9
Reaction score
1
Hi

I am looking for some advice. My client is looking for a direct payment method. (wordpress website) You just add in your credit card details and make payment or eft directly. They not looking at payfast etc, where you need to login to make payment. Any ideas on how to approach this that would be secure.
 
Which approaches have you considered so far?
None. There aren't any other approaches.

If you're doing e-commerce and want to accept CC payments on your store, you need a 3rd party payment gateway.
 
None. There aren't any other approaches.

If you're doing e-commerce and want to accept CC payments on your store, you need a 3rd party payment gateway.
None is correct, I've only ever used 3rd party gateways and was hoping there might be another solution. They looking at something like takealot where you pay directly.
 
None. There aren't any other approaches.

If you're doing e-commerce and want to accept CC payments on your store, you need a 3rd party payment gateway.
That's the point I was trying to make. Give a man a fish...
 
What's their justification for wanting to go this route?

It's possible, but you'll be reinventing the wheel so that you can change its colour.
 
Hi

I am looking for some advice. My client is looking for a direct payment method. (wordpress website) You just add in your credit card details and make payment or eft directly. They not looking at payfast etc, where you need to login to make payment. Any ideas on how to approach this that would be secure.

Paystack? No idea if they have a Wordpress plugin though. Alternatively Peach Payments
 
None is correct, I've only ever used 3rd party gateways and was hoping there might be another solution. They looking at something like takealot where you pay directly.

If you don't mind doing the dev then as mentioned look at Paystack but you'd need to build the integration yourself.
 
Sage has/had a Wordpress integration if you have woocommerce.
 
None is correct, I've only ever used 3rd party gateways and was hoping there might be another solution. They looking at something like takealot where you pay directly.
Look at the url when you pay on takealot. You don’t pay directly. They use a whitelabeled redirect, possibly to paygate (this could have changed recently however).

Unless you have really good reasons, just seems like unnecessary development expense. You are going to need to implement 3d secure too.
 
Direct payment is generally not advisable as you'd be handling cardholder data directly. This makes you subject to stringent PCI-DSS compliance - which is time-consuming, costly and requires ongoing compliance measures. This is to ensure that as your business scales in transaction volume that you're handling sensitive information respectively as the risk to payment networks scales proportionate to the value that flows through your system. I'm assuming this isn't the route that you want to follow, in which case there's two options. You could 1) use direct charge APIs provided by existing payment gateways that allow you to transmit cardholder data to their system that handles the transaction, retaining control to some degree - which still requires compliance albeit less, but still cumbersome as you'll need to use a secure proxy or achieve compliance since you're handling sensitive information nevertheless - or 2) use a hosted fields implementation that allows you to style credit card detail fields in the look and feel of your website without directly interacting with the cardholder data while preventing the customer from being redirected to a third party payment gateway site for payment. If you don't have technical knowledge, in both cases you'll need to hire someone technical to do this for you. The latter case is the most trivial to implement. For what it's worth, systems that use these methods often have a dedicated use case for doing so. If not the case, it's in your (or your clients) best interest to use a managed solution as others have already suggested and for the those I've mentioned above.
 
What's their justification for wanting to go this route?

It's possible, but you'll be reinventing the wheel so that you can change its colour.
I think they just want a quicker way to make payments.
 
You don't need to log into Payfast as a consumer in order to make a payment. It's optional AFAIK.

Simply follow the steps on their site to install their plugin on your wordpress site. @intrinzic was spot on about PCI-DSS compliance. A full redirect to Payfast for payment is the safest and most secure option and their tutorial will guide you through that.

It's a guess but I think Takealot are running their own payment gateway which would put them in scope for PCI-DSS and they're most likely using Payfast or Paygate as a switch (for acquiring).
 
I think they just want a quicker way to make payments.
What does the market/user base say?

I have never once thought, after being sent to payfast, etc, “man I wish this was quicker”

I do however subconsciously think “i am glad that I am entering my card details into a secure/trusted site”
 
You think?

Speak with your client and understand what their needs are. Then, if their request is not in the best interest of the project, propose alternatives that meet their needs.

If they're hellbent on having something against your advice and are willing to pay, sure go ahead. This might be a hot take, but my opinion is that the developer should be on the hook if they blindly follow the client's input.
 
What does the market/user base say?

I have never once thought, after being sent to payfast, etc, “man I wish this was quicker”

I do however subconsciously think “i am glad that I am entering my card details into a secure/trusted site”
Its more for donations. But I think I'll chat to them and tell the options. I just wasn't sure if there was another way around this so its good that everyone has given me some good advise. Thanks.
 
You think?

Speak with your client and understand what their needs are. Then, if their request is not in the best interest of the project, propose alternatives that meet their needs.

If they're hellbent on having something against your advice and are willing to pay, sure go ahead. This might be a hot take, but my opinion is that the developer should be on the hook if they blindly follow the client's input.
Yes, everyone here was super helpful and I can advise them and see what they say. Thank You.
 
Top
Sign up to the MyBroadband newsletter
X