This isn't a project you would write with PHP. You would need to use a higher level language such as C or C++. Something compiled that will be much faster and more robust then PHP. You can power your web based front end with PHP (i.e. user control panel) but the backend stuff, including payment processing, will need to be in the higher level language. You'll also need an enterprise level database as open source databases could never handle a task like this. Basically you're looking at using an Oracle database which is expensive but also designed for this sort of thing.
There are no tutorials for this because this is a complex job. It's about as complex as a project can get. That's why you can't find any documentation on it.
Your first major issue will be PCI DSS compliance. This is the security practices dictated by the major credit card companies (Visa, MasterCard, Amex, Discover Card, JCB). It dictates how you will secure your data in terms of hardware, software, and practice. It is expensive to do and maintain. You will need to hire a company to certify your compliance on a regularly scheduled basis. Failing your certification can mean you get shut down.
Your second major issue will be getting certified by the processing networks. To be a successful payment gateway you must be certified on every processing platform and there are at least 16 of them that I can think of off of the top of my head. Being certified takes about two months for each. You can do them simultaneously but you would be looking at at least a year to be certified on all of them. And each one has a different API so you will need to code your payment gateway to work with all of them.
Your third major issue will be the data you store. Not only do you have the PCI DSS issues to deal with, but you will need to capture and store every transaction that runs through your system for years. That kind of data will require tons of storage space (that will also need to be secured).
Your fourth major issue will be processing volume. A gateway must be able to perform transactions in a second or less. This means your hardware solutions must be able to scale for heavy traffic especially over the holiday season. It will need to be able to handle hundreds of transactions per second (thousands if you become successful). That is a big reason why you'll need to use a higher level language over PHP.
Your fifth major issue is that you will need to create a powerful yet easy to use API for web developers to use to connect to your payment gateway. They need to be able to do everything a credit card terminal can do through code. Documenting that should be fun! ;)
Minor issues include:
- Making sure you are ECI compliant (Electronic Commerce Indicator is required for all Internet transactions)
- Securing all data transfer (SSL)
- Offering a user control panel
If you want to be successful you will also need to have the following in place:
- Anti-fraud tools
- Have a reseller program in place
My estimations would say it would take 2 - 3 years to build your own payment gateway and get it up and running. That includes being PCI DSS certified, certified on every major processing platform, and to create your API. Costs would be around $250,000 as the developers you would need to write that kind of code will not be cheap plus you will have large infrastructure costs (hardware and software) just to run everything.
Now you can see why nobody new enters this market.
Friday, May 20, 2016