I have a dedicated server and many clients. I host my clients' sites on my server Usually my clients are happy for the checkout page to be hosted by a third party - eg paypal, worldpay, secpay, paypoint etc. Now I have a client that wants the checkout page to be on his own site; and I have no idea about how this works. If I do host it, I'll probably need an SSL certificate. Are these limited to one per server? per IP? per domain? What is the difference between a payment gateway, merchant account, payment service provider and a payment processor? Can anyone point me in the right direction so I may learn more about this stuff?
Basically a payment gateway is an interface allowing a website to process through their merchant account. A payment processor is a very broad description of 3rd party processors (Paypal, 2checkout, etc..), and merchant account providers that provide processing services. In order to provide this service the site must be setup with SSL, and the payment page and the connection to the payment gateway must be secure. An ssl cert is good for a single domain name, and generally must be configured on a single IP address. Also, something to think about. Your client may end up being concerned about PCI compliance which is required by all businesses that accept credit cards through their own merchant account. This would require you/them to ensure that the entire server is PCI compliant. There is quite a lot of cost and even more ongoing maintenence involved in properly securing a server and keeping it PCI compliant. There's debate on whether a shared server can even be PCI compliant. Not being PCI compliant can open a business to some huge fines especially if the server gets hacked or they end up losing cardholder data. Here's some info on PCI: http://www.pcicomplianceguide.org/merchants-20071022-gaining-pci-compliance.php https://www.pcisecuritystandards.org/ If there's a way that you dohn't have to deal with this, I strongly suggest looking into it.
Yes you need to buy extra SSL. There are many type of SSL If you want to secure more of your domain,you need to buy wildcard SSL coz it can secure all of your subdomain