Accepting payments using eWAY


I have to use eWAY as a payment gateway, but I keep running into one problem after another.

I do not want to touch credit card details at any time: because of the PCI requirements, they should neither be stored on my site nor pass through it. So I send the user to the gateway's hosted page, the user provides all the details and pays there, and the gateway redirects to the page I specified for confirming the result - call it pay_done.php.

Now, in payment_done.php, I do not know how to confirm that the payment confirmation really came from the gateway itself and was not posted to my page by someone else. With a fake confirmation, my page would record an order as paid when nothing was paid at all.

Now in pay_do.php I need to ask eWAY whether I got this confirmation (with some specific transaction ID) from them and, if so, whether the amount is correct etc. eWAY will answer right/wrong and then I can be sure that the correct amount has been paid.

The problem now is that eWAY permits querying for this only 100 times in one day.

I seem to have run out of ideas now and am looking for help: what options do I have left? It seems unbelievable that there is no way to work without falling into PCI compliance issues, even when using the payment gateway's hosted page. Thanks in advance for any help.

The answer is twofold.

You verify that the post came from the eWAY server; if the request came from elsewhere, you do not allow the request. This is the main form of your security.

If you are concerned about someone trying to trick your site, then implement this:

Before sending the user for payment, generate a long hash. You can use a session variable to store it.

Pass the hash by using the eWayoption1 parameter.

When eWAY posts back the response, check the eWayoption1 value to verify that it matches the current user's payment hash.

You have to delete the session variable as soon as you have validated it. Even if the hash is wrong, invalidate the session variable and make them start over.

Between the hash and confirming the posting IP address, you should be very safe.
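The hash steps and the source-address check from the answer above, as an added PHP example that is not part of the original answer. The function names, the `pay_token` session key and the allow-listed address (a documentation-range placeholder, not a real eWAY address) are assumptions; only `eWayoption1` comes from the page.

```php
<?php
declare(strict_types=1);

// Added illustration. Function names, the 'pay_token' session key and the
// allow-listed address are assumptions; only eWayoption1 comes from the page.

// Documentation-range placeholder, not a real eWAY address.
const GATEWAY_IPS = ['203.0.113.10'];

// Call before redirecting to the hosted page; send the result as eWayoption1.
function issuePaymentToken(array &$session): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $session['pay_token'] = $token;
    return $token;
}

// Call in the return page with $_SESSION, $_POST and $_SERVER['REMOTE_ADDR'].
function verifyGatewayReturn(array &$session, array $post, string $remoteIp): bool
{
    // Consume the token first so it is single-use even when a check fails.
    $expected = $session['pay_token'] ?? null;
    unset($session['pay_token']);

    if (!in_array($remoteIp, GATEWAY_IPS, true)) {
        return false; // post did not come from an allow-listed address
    }
    $supplied = $post['eWayoption1'] ?? null;
    if (!is_string($expected) || !is_string($supplied)) {
        return false; // no payment in progress, or field missing or an array
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed walk-through; a plain array stands in for $_SESSION.
$session = [];
issuePaymentToken($session);
// Case 1: wrong token from an allow-listed address.
var_dump(verifyGatewayReturn($session, ['eWayoption1' => 'guess'], '203.0.113.10'));
// The failed attempt still consumed the token, so the user must start over.
var_dump(isset($session['pay_token']));
// Case 2: right token, but posted from an address that is not allow-listed.
$token = issuePaymentToken($session);
var_dump(verifyGatewayReturn($session, ['eWayoption1' => $token], '198.51.100.7'));
// Case 3: right token from an allow-listed address.
$token = issuePaymentToken($session);
var_dump(verifyGatewayReturn($session, ['eWayoption1' => $token], '203.0.113.10'));
```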

