Problem solve Get help with specific problems with your technologies, process and projects.

Internal interface development vs. third-party middleware

Suppose a company requires the ability to process credit card payments from their customers within SAP. If the company has no expertise in credit card processing would it be a better idea to invest time and money in the development of the interface technology internally (and the associated ongoing maintenance) or to purchase a third-party middleware package?

Also, what are the advantages of using a middleware solution certified by SAP and those that are not certified by SAP?
Especially in the field of security relevant issues like the credit card processing I strongly recommend you consider the use of an already existing service. Unless you have the full competence in credit card processing (e.g. if you are a bank) it will be very expensive and time consuming to consider all the traps and pitfalls with the processing of payment clearings.

You would have to take precautions like handling double payments, cancelling payments, notifying the payer and the seller, tracking the actual clearing of the card payment, communication protocols with the different card issuers, encryption, checks against fraudulent abuse and many more. I can hardly imagine that the investment in developing your own solution will pay off unless you handle ten thousand transactions a day.

The solution will be a middleware solution for security reasons anyway, so getting back to a proven solution is advisable.

To answer your second question, SAP certification does mainly two things. It shows that the solution is technically compliant with your SAP system, so it won't kill your server by overloading the system with requests, it will not tamper with the SAP technical and security infrastructure, will not by-pass the official access methods and authorization checks, will not open a clandestine tunnel or a Trojan horse to give access from outside your system and will only make the most restrictive requests for data from your SAP system, just those necessary to make the app function.

The certification also gives you a warranty that the provider is a serious company and has established a minimum of know-how about communication with SAP. Although a certification should not be the ultimate decision criteria and not replace your own proper and decent evaluation of the product (certification does not check the suitability of task), it is a guarantee that the solution is technically properly designed according to best practices as applicable.

To find out about certified solutions for credit card processing you may contact SAP or cc clearing bank. I personally do not want to make a recommendation as I have not synoptically evaluated such kind of software. However, as a hint: We are using a certified solution provided by XiPay by Paymetrics (paymetrics.com) without any problems. This solution is certified against SAP's CA-PCI (Cross-Application Payment Card Interface).

Dig Deeper on SAP integration

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.