Posts

Showing posts from April, 2012

An Ideal eComm webapp architecture

In between a few weeks home in Ireland for family reasons, I've spent a lot of the past 4 working weeks grappling with colleagues regarding eComm website architecture questions. A number of eComm vendors offer a "website in a box" which a customer then customizes for their site needs. Examples include Demandware's SiteGenesis, Hybris's recently released Accelerator product (see my blog post here for more) and so on. For some customers these can indeed be a good choice, but in other cases it's not a good fit for the customer and only guarantees vendor lock-in for years to come, ultimately leading to an expensive complete rip'n'replace, after which the whole cycle is often restarted again. An ideal eComm architecture (and not just eComm) is a service-oriented architecture where an app is composed of web services with clearly defined interfaces. Such an architecture is loosely coupled, and a given service can be replaced as needed with another service. EComm services coul

PCI Compliance

"The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements."

"Founded by five global payment brands -- American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. -- who have agreed to incorporate the PCI DSS as the technical requirements of each of their data security compliance programs."

More here.

Important rules:

"If you are a merchant that accepts payment cards, you are required to be compliant with the PCI Data Security Standard."

"The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices

Cybersource

Cybersource Services: http://www.cybersource.com/developers/learn/cybersource_services/ You can implement each independently.

Payment and Card Authorization: http://www.cybersource.com/developers/learn/getting_started/how_payment_processing_works/

There are a number of ways to integrate, but I prefer to use the Simple Order API or the SOAP API. They support multiple languages: PHP, Java, Perl, C#, etc. You can pass data as name-value pairs or XML. I'd recommend the SOAP API for PHP, especially with SOAP built into PHP now. I defined a simple PHP class to hold the params to be passed and then passed a new instance of that class to the SOAP call. Cybersource provide a class, ExtendedClient, to facilitate the SOAP call. The API will return an object you can assign to a class. Cybersource also provide useful sample code and test clients. Very thorough.

Address Verification: This is very like the card authorization explained above, and I'd take the same approach if implementing it (SOAP with PHP). For addr