Chase Paymentech

296 views
Skip to first unread message

Bobby Roberts

unread,
Apr 19, 2010, 10:17:58 AM4/19/10
to Django users
Has anyone out there integrated a payment module in django over to
Chase Paymentech to process credit cards? I'm looking for sample code.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Bill Freeman

unread,
Apr 20, 2010, 10:17:12 AM4/20/10
to django...@googlegroups.com
Beware! There are a number of security vulnerabilities you can have when
handling credit card numbers. There is something called PCI (Payment Card
Industry, if I'm not mistaken) compliance, the intent of which is to
try to avoid
some of the big credit card number stealing hacks that have been in the news
in recent years.

For most sites it is better to deal with someone like Authorize.net: These
services let you point your "checkout" link at them, either with a back channel
identified by order number (which you add to the url) to pick up the total, and
perhaps the item list, or a way to provide that in the get or post
with a suitable
signature. They host a page that you get to style, so you can have,
for example,
your color scheme and logo. They accept the credit card information, do the
dance with the payment processor (such as Chase Paymentech), and, if
payment is successful, send you a packet, email, or provide a webservice
where you can check, so that you know to "ship". These services do all the
PCI compliance diligence. You are safe because the credit card information
never touches your website.

Bobby Roberts

unread,
Apr 20, 2010, 10:34:00 AM4/20/10
to Django users
Hey Bill -

It is my understanding that as long as you do not store credit card
information on your servers, PCI compliance is not an issue. Chase,
Authorize.net, Paypal, ilovechecks.com etc all have API gateways to
handle the transactions via https protocol which satisfies the
industry financial standards. I'm just wondering if anyone has infact
worked with the Chase API before



On Apr 20, 10:17 am, Bill Freeman <ke1g...@gmail.com> wrote:
> Beware!  There are a number of security vulnerabilities you can have when
> handling credit card numbers.  There is something called PCI (Payment Card
> Industry, if I'm not mistaken) compliance, the intent of which is to
> try to avoid
> some of the big credit card number stealing hacks that have been in the news
> in recent years.
>
> For most sites it is better to deal with someone like Authorize.net:  These
> services let you point your "checkout" link at them, either with a back channel
> identified by order number (which you add to the url) to pick up the total, and
> perhaps the item list, or a way to provide that in the get or post
> with a suitable
> signature.  They host a page that you get to style, so you can have,
> for example,
> your color scheme and logo.  They accept the credit card information, do the
> dance with the payment processor (such as Chase Paymentech), and, if
> payment is successful, send you a packet, email, or provide a webservice
> where you can check, so that you know to "ship".  These services do all the
> PCI compliance diligence.  You are safe because the credit card information
> never touches your website.
>
> On Mon, Apr 19, 2010 at 10:17 AM, Bobby Roberts <tchend...@gmail.com> wrote:
> > Has anyone out there integrated a payment module in django over to
> > Chase Paymentech to process credit cards?  I'm looking for sample code.
>
> > --
> > You received this message because you are subscribed to the Google Groups "Django users" group.
> > To post to this group, send email to django...@googlegroups.com.
> > To unsubscribe from this group, send email to django-users...@googlegroups.com.
> > For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django...@googlegroups.com.
> To unsubscribe from this group, send email to django-users...@googlegroups.com.
> For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

surtyaar

unread,
Jun 18, 2010, 2:09:14 PM6/18/10
to Django users
Hi Bobby,

You might be interested in a django clone of the sample shopping cart
chase paymentech provided (http://store.e-xact.com/).

You can get the code and setup instructions here :
http://github.com/gitaaron/E-xact-django-clone

Rgds/
Aaron

zweb

unread,
Jun 18, 2010, 4:38:48 PM6/18/10
to Django users
I thought Chase Paymentech uses authorize.net. Please correct me...

so any sample code to integrate django based web app to authorize.net
without going to chase or authorize.net hosted pages?

Dan Gentry

unread,
Jun 20, 2010, 9:16:18 AM6/20/10
to Django users
Storing credit card numbers (and other info) isn't the only concern of
the PCI standards. If your form collects a number an passes it on to
the processor, you could also be vulnerable.

Francis Gulotta

unread,
Jun 20, 2010, 1:51:08 PM6/20/10
to django...@googlegroups.com
Django bursar should also be mentioned. I'm about to try to use it, but out of the payment modules I've found it seems the most sane.


-Francis

---
Francis Gulotta
wiz...@roborooter.com
Reply all
Reply to author
Forward
0 new messages