Security in online shopping: credit/debit card validation

I want to make a small website which can allow users to open an account, to shop, and to pay online…

Can I know the process or idea when it comes to credit/debit card validation and verification…? I came across these keywords on the internet - merchant account and Luhn formula - what are they for actually and how to make them…?

In other words, how to do the credit/debit card validation and verification so that I can protect myself as a seller from fraud and protect my customers if they provide their card numbers.

What is SSL?

Any reliable books or online tutorials/references I can count on?

Many thanks,

I used shop fitter to build my site. They provide a secure server for no monthly fee and only charge £1 per transaction up to 100 transactions. This works great for me as a small business.

May I suggest a little reading?

I use for processing Credit and Debit cards. They have some development and integration guides here: - that may shed some light on the issue.

You might want to consider purchasing a book on e-commerce and perhaps PHP shopping carts, etc.

Lau, since you are going to process credit card payments on-line, you will have to open a merchant account and use a payment gateway to process the payments.

Any gateway will check whether the credit card is valid (check the number of the credit card, expiration date, etc.). As for fraud protection, it is usually included in payment gateway integrations as well; they perform fraud screening automatically and return the transaction status based on the result of the check.

There are some fraud screening services that you can even use yourself, for example, MaxMind is very popular:
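The Luhn formula asked about in the opening post, together with the card-number and expiry checks mentioned in the reply above, as an added example that is not part of any poster's reply. The function names are illustrative assumptions and the card number used in testing is a constructed value; passing these checks only catches typing errors, while authorization and fraud screening still happen at the gateway.

```javascript
// Added example: local pre-checks on card input before it goes to a payment gateway.
// All function names are illustrative assumptions, not any gateway's API.

// Strip the spaces and dashes people type; reject anything else that is not a digit.
function normalizePan(input) {
  const pan = String(input).replace(/[\s-]/g, "");
  return /^\d{12,19}$/.test(pan) ? pan : null;
}

// Luhn formula: from the rightmost digit, double every second digit,
// subtract 9 from results above 9, and require the sum to be divisible by 10.
function luhnValid(input) {
  const pan = normalizePan(input);
  if (pan === null) return false;
  let sum = 0;
  for (let i = 0; i < pan.length; i++) {
    let d = pan.charCodeAt(pan.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// A card is usable through the last day of its expiry month (four-digit year assumed).
function notExpired(month, year, now = new Date()) {
  if (!Number.isInteger(month) || !Number.isInteger(year)) return false;
  if (month < 1 || month > 12) return false;
  const y = now.getFullYear(), m = now.getMonth() + 1;
  return year > y || (year === y && month >= m);
}

// Keep only the last four digits so full numbers stay out of logs and order records.
function maskPan(input) {
  const pan = normalizePan(input);
  return pan === null ? "" : "*".repeat(pan.length - 4) + pan.slice(-4);
}

// Run both checks and report which fields failed, with a masked number for logging.
function precheck(card, now = new Date()) {
  const errors = [];
  if (!luhnValid(card.number)) errors.push("number");
  if (!notExpired(card.expMonth, card.expYear, now)) errors.push("expiry");
  return { ok: errors.length === 0, errors, masked: maskPan(card.number) };
}
```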

Hi, thanks for your suggestions. Seems to be very good. But it seems to cost me - do I need to pay for that so that I can see if it works well with my site?


Thanks. Can I know how to get a merchant account?

MaxMind seems to cost me a lot! It requires continuous payments! Wow…

PayPal works too

One thing to bear in mind is that if you handle the card numbers at all then you will need to be PCI DSS compliant at much higher levels than if you don’t see the card numbers (you still need to be PCI DSS compliant, but at a lower level).

For this reason, I’ve been suggesting recently that beginner merchants use a hosted cart solution such as 2Checkout or other similar stores; that way they don’t have to worry so much about security issues.

You can use 3rd party payment gateways to protect yourself from fraud.

some are good like …etc.

If you open a merchant account from your bank it will be tough for you to track orders and verify for approval.

I prefer to let the payment gateway take care of the security. Protx is pretty good and has very reasonable rates; it may be worth having a look at.

Hi guys.
Isn't it possible to employ a company that is specialised in that area to handle the validation and verification of the credit and debit card?


use for added security.

One of the best moves I ever made was to use e-junkie

They have a cool interface and manage downloads
coupon code: EASYE-JUNKIE
gives you 67 days for free, after that I think it's $5 a month

They interface with Google Checkout, PayPal, 2Checkout

handle all the back end transactions.

If someone cancels or PayPal does a chargeback, the page that the user used to access the data auto cancels.

really cool little site.

In my view PayPal will be the best to protect against fraud

PayPal is a very good option to start with. All you need is to open an account with PayPal, then you configure that account on your website. A PayPal Basic account provides the functionality of both merchant and gateway. You will also have an option to use express checkout. In this case PayPal will take care of all the account verification and validation. 2Checkout is another provider that can be considered.

Good Luck

Yes you need to study more and understand terms like credit card processor, payment gateways etc. This might be a good start (

Also note that if you decide (for some unbeknown reason) to process your payments in-house, then depending on your country's laws you have a legal obligation to dispose of credit card details within a certain time period.

I have a site based in the UK only, another site based overseas - Hong Kong…

Thank you. I think I would try PayPal… any online references about using PayPal to process payments…?

I don't really like using some open source shopping cart like Zen Cart…

I have another site which will only collect memberships/member fees from the members - is PayPal a good choice for collecting member fees only…?

Thanks for the advice,