Payment Gateway Comparison - Open Source SSL Certificates PayPal PCI Compliance Authorize.net Hosted vs. API Gateways Installation Packages Technical Support
Payment Gateway Comparisons
There are over one hundred payment gateway vendors world wide. Of those, about 70 of them operate in the USA. Therefore this not intended to list all of the possible gateways and each cart's support for all of those gateways. This listing is based on a very brief survey of each carts "feature listing", therefore the degree or completeness of that support is up to you to investigate and confirm. Hopefully this gives you a starting point.
The Gateways selected where based on those gateways that were supported by at least one of the reviewed shopping carts, operates in the USA, and the module for that gateway was actually found in the cart's administration tool. Below this table is the link to that shopping carts "Payment Gateway Supported" page if one exists.
| Presta | OpenC | ZenC | OsCom | Chromium | |
|---|---|---|---|---|---|
| PayPal™ - WPS | X | X | X | X | X |
| PayPal™ - WPP | X | X | X | ||
| Authorize.net - SIM | X | X | X | ||
| Authorize.net - AIM | X | X | X | ||
| Google™ Checkout | X | ||||
| LinkPoint API | X | ||||
| YourPay API | X | ||||
| 2CheckOut | X |
Hosted vs API
There are two basic types of gateways, Linked/Hosted (Hosted) or Local/API (API). Hosted means that the entire interaction with the Credit Card information is on on the gateway vendors servers. They are responsible for security meeting the various PCI requirements. The Hosted type is often referred to as a "Link" type. The API type means that the entire interactions with the Credit Card information occurs on YOUR website. This means that YOU are responsible for security and meeting the various PCI requirements.
SSL Cert Requirements
Some of the Listed Gateways require an SSL certificate on the server that is running your shopping cart. The Hosted type does not required an SSL certificate because the credit card and payment portion of the transaction occurs on the Gateway Vendor's servers (they are Hosting the Gateway). The API type does require an SSL certificate because your shopping cart is directly handling the Credit Cart transactions. In addition to having and SSL certificate your Merchant Account provider will require that you be PCI compliant.
PCI Compliance Requirements
All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data. PCI SSC is responsible for managing the security standards while each individual payment brand is responsible for managing and enforcing compliance to these standards. For questions regarding compliance validation requirements and deadlines as well as compliance reporting requirements, we recommend that you contact your acquirer. For more information regarding the PCI security standards and supporting documentation, including the “Navigating the PCI DSS” as well as targeted Self Assessment Questionnaires to assist small and medium merchants, please visit the PCI SSC website at: www.pcisecuritystandards.org.
If you need help meeting PCI requirements, SonicSpider has staff members that specialize in helping you meet those requirements. Contact Rich at 619 955-6380 ext 113 or 213
The following chart summaries a number of these requirements:
| Hosted | API | SSl Cert | PCI | |
|---|---|---|---|---|
| PayPal™ - WPS | Yes | |||
| PayPal™ - WPP | Yes | Yes | Yes | |
| Authorize.net - SIM | Yes | |||
| Authorize.net - AIM | Yes | Yes | Yes | |
| Google™ Checkout | Yes | |||
| LinkPoint API | Yes | Yes | Yes | |
| YourPay API | Yes | Yes | Yes | |
| 2CheckOut | Yes |