Suppose a company requires the ability to process credit card payments from their customers within SAP. If the...
company has no expertise in credit card processing would it be a better idea to invest time and money in the development of the interface technology internally (and the associated ongoing maintenance) or to purchase a third-party middleware package?
Also, what are the advantages of using a middleware solution certified by SAP and those that are not certified by SAP?
Especially in the field of security relevant issues like the credit card processing I strongly recommend you consider the use of an already existing service. Unless you have the full competence in credit card processing (e.g. if you are a bank) it will be very expensive and time consuming to consider all the traps and pitfalls with the processing of payment clearings.
You would have to take precautions like handling double payments, cancelling payments, notifying the payer and the seller, tracking the actual clearing of the card payment, communication protocols with the different card issuers, encryption, checks against fraudulent abuse and many more. I can hardly imagine that the investment in developing your own solution will pay off unless you handle ten thousand transactions a day.
The solution will be a middleware solution for security reasons anyway, so getting back to a proven solution is advisable.
To answer your second question, SAP certification does mainly two things. It shows that the solution is technically compliant with your SAP system, so it won't kill your server by overloading the system with requests, it will not tamper with the SAP technical and security infrastructure, will not by-pass the official access methods and authorization checks, will not open a clandestine tunnel or a Trojan horse to give access from outside your system and will only make the most restrictive requests for data from your SAP system, just those necessary to make the app function.
The certification also gives you a warranty that the provider is a serious company and has established a minimum of know-how about communication with SAP. Although a certification should not be the ultimate decision criteria and not replace your own proper and decent evaluation of the product (certification does not check the suitability of task), it is a guarantee that the solution is technically properly designed according to best practices as applicable.
To find out about certified solutions for credit card processing you may contact SAP or cc clearing bank. I personally do not want to make a recommendation as I have not synoptically evaluated such kind of software. However, as a hint: We are using a certified solution provided by XiPay by Paymetrics (paymetrics.com) without any problems. This solution is certified against SAP's CA-PCI (Cross-Application Payment Card Interface).
Related Q&A from Axel Angeli
An SAP user wants to know how to upload data into SAP R/3 when SAP Scripting is not enabled.continue reading
An SAP user is receiving an error message while integrating SAP iDoc PORDCR1 for a purchase order.continue reading
An SAP user is having difficulty with PERNR iDoc while transporting data from SAP to an external system.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.