Especially in the field of security-relevant issues like credit card processing, I strongly recommend you consider the use of an already existing service. Unless you have full competence in credit card processing (e.g. if you are a bank), it will be very expensive and time-consuming to consider all the traps and pitfalls in the processing of payment clearings.
You would have to take precautions like handling double payments, cancelling payments, notifying the payer and the seller, tracking the actual clearing of the card payment, communication protocols with the different card issuers, encryption, checks against fraudulent abuse and many more. I can hardly imagine that the investment in developing your own solution will pay off unless you handle ten thousand transactions a day.
The solution will be a middleware solution for security reasons anyway, so getting back to a proven solution is advisable.
To answer your second question, SAP certification mainly does two things. It shows that the solution is technically compliant with your SAP system, so it won't kill your server by overloading the system with requests, it will not tamper with the SAP technical and security infrastructure, will not bypass the official access methods and authorization checks, will not open a clandestine tunnel or a Trojan horse to give access from outside your system, and will only make the most restrictive requests for data from your SAP system, just those necessary to make the app function.
The certification also gives you a warranty that the provider is a serious company and has established a minimum of know-how about communication with SAP. Although a certification should not be the ultimate decision criterion and should not replace your own proper and decent evaluation of the product (certification does not check the suitability for the task), it is a guarantee that the solution is technically properly designed according to best practices as applicable.
To find out about certified solutions for credit card processing, you may contact SAP or your cc clearing bank. I personally do not want to make a recommendation as I have not synoptically evaluated this kind of software. However, as a hint: we are using a certified solution provided by XiPay by Paymetrics (paymetrics.com) without any problems. This solution is certified against SAP's CA-PCI (Cross-Application Payment Card Interface).