用于安全支付的最佳支付网关和 Rails gems? [英] Best payment gateways and Rails gems for secure payments?

问题描述

我正在用 Ruby on Rails 开发一个网站来销售有价值的商品.我们需要一个非常安全的支付系统，以便人们在线购买商品.

I'm developing a website in Ruby on Rails to sell valuable goods. We need to have a very secure payment system in order for people to purchase stuff online.

像 PayPal 这样的公司似乎收取高额佣金，所以我们想知道 99 设计 或 画廊 等网站如何处理付款?

Companies like PayPal seem to take a big commission, so we are wondering how sites like 99 designs or ugallery handle payments?

我是一名程序员，但直到大约一年前，我才完全用 C++ 编码.2 个月前，我改用 Rails 并且在这方面有一些经验，但我想知道解决这个问题的最佳方法是什么.显然，我想确保我的客户知道我们的系统是完全安全的，但我在开发此类商业网站方面的经验为零.

I'm a programmer, but until a year or so ago, I was entirely coding in C++. 2 months back, I switched to Rails and I have a little bit of experience in that, but I want to know what the best way is to tackle this problem. Obviously, I want to make sure that my customers know our system is fully secure, but I have 0 experience in developing commercial websites like this.

我们应该注意哪些陷阱?我可以看看任何例子吗?是否有我们可以利用的 Rails gem 来设置它?我们如何让 McAfee/Verisign/任何人验证我们的网站(这是否有必要?)

What pitfalls should we be aware of? Any examples I can look at? Are there Rails gems that we can leverage to set this up? How do we go about getting our site verified by a McAfee/Verisign/whatever (and is this necessary?)

推荐答案

拥有安全支付系统的最佳和最简单的方法是尽可能少与它打交道.我听说过关于 Braintree Payments 的好消息——尤其是关于他们的 客户端库.(尽管 Square 作为新的时尚和酷炫的支付处理供应商，这些天肯定有嗡嗡声".)

The best and easiest way to have a secure payment system is to have as little to do with it as possible. I've heard good things about Braintree Payments -- especially about their client libraries. (Though Square definitely has the "buzz" these days as the new hip and cool payment processing vendor.)

无论谁处理您的购买流程，都将分一杯羹.不计算 100 美元的钞票并用测试笔和放大镜检查每张钞票以确保您没有被带走，这是方便的一部分.

Whoever does your purchase processing will take a cut. It's part of the convenience of not counting $100 bills and checking each one with test-pens and loupes to ensure you're not being taken.

每当我在网站上看到由 McAfee 验证"或由 Verisign 验证"徽标时，我都会咯咯地笑.我不知道他们实际上做了什么来赚取"那个徽章，但在我看来，我想它主要是通过支付 $$$ 开始和停止，并定期检查网站的 SSL 证书是否没有过期.我无法想象他们实际上有一个黑客团队不断寻找网站的弱点，他们绝对不能保证网站没有被黑客入侵——除非他们也提供托管服务.也许询问您的付款处理商，他们的客户是否注意到这些小标志的销售额增加/减少，或者这些产品是否有任何实际价值.我对此表示怀疑，但也许其他人有确切的数字.

I giggle every time I see a "Verified by McAfee" or "Verified by Verisign" logo on a web site. I don't know what they actually do to "earn" that badge, but in my mind I imagine it mostly starts and stops with a payment of $$$ and periodically checking that the site's SSL certificate hasn't expired. I can't imagine that they actually have a team of hackers looking for weaknesses in websites constantly and they absolutely cannot provide any assurances that the site hasn't been hacked -- unless they also provide hosting. Maybe ask your payment processor if their clients have noticed any sales increase / decrease with the little logos or if there is any actual value to these products. I doubt it, but perhaps someone else has hard numbers.

这篇关于用于安全支付的最佳支付网关和 Rails gems?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！