Printer Friendly Version
Email this thread to a friend
|
what is best php or html? (In: General Search Engine Optimization)
Featured Web Site Template |
|
There are 0 guests and 1 members in the forums right now.
Reflects user activity within the last 5 minutes
|
|
| Member |
Message |
dirty_shame
Joined: Aug 28, 2005
# Posts: 191
|
Posted: 2005-Oct-25 11:11
I've changed the PHP code twelve times on different sites for these companies over the years, mostly because they don't have a clue about what "secure" entails. Their Advanced Method didn't even have a code description until we started to submit Curl/SSL stuff to their servers.
Authorize.net improved dramatically when Paul Allen bought it out of Utah -- for about a year. Verisign and Authorize.net (both) are now the red-headed step-child of VisaNet which employs the most convoluted, overpaid, propeller-heads on the planet. These people don't even know who owns their credit cards. They regularly reject AVS validation because...somebody moved from the east to west coast or visa-versa. VisaNet is so slooooow by today's standards that the banks don't even know who-the-Hell you are a month after you've been living in your new home.
My recommendation is: Screw them. A twelve-year-old will get you the same "exchange rate" by typing in the credit card number into a local bank terminal that costs you maybe $20.00/month. Look at your online processing fees and you will find that "non face-to-face transactions" willl cost you more than the twelve-year-old plus the expense of just typing the in yourself.
Use secure forms online (htttps), transfer them to a safe place (namely yours) and never leave the numbers on an Internet-accessible computer. It's simple.
|
 |
lizardz
Joined: Nov 12, 2004
# Posts: 1394
|
Posted: 2005-Oct-25 18:47
If you raise the age requirement to 14 years old, the kid can also master stuff that is very hard to get running by scripting, custom per country shipping charges based on variable factors comes to mind as one that is extremely difficult to implement with stock setups, but which would take a kid a few minutes to learn, and every time you wanted to change it, you'd just type up a new instruction sheet for them.
|
|
dirty_shame
Joined: Aug 28, 2005
# Posts: 191
|
Posted: 2005-Oct-29 09:53
Speaking of international, I'll tell you what a 14-year-old, or a 44 or an 84-year-old can't do. Here's a short story for you.
A few years ago I set up a Visa/Matercard account here in the U.S. with Bank of America to transfer payments for goods received to Paraguay (before 9/11).
The banking system in Paraguay, like Louisianna is so incredibly corrupt that BankAmerica was the only viable option for ATM transfers on a joint account. Duh. Okay.
But that didn't work because the Address Verification System they employ for third-world countries (along with the PIN and magnetic validation) doesn't seem to list anybody in Asuncion at all. Nobody working for Visa lives on the Parana River, evidently.
The recipient himself was more respectable and trustworthy that the entire Paraguayan Cabinet, yet VisaNet phone-clones (probably in a sweat-shop in Jersy) rejected his inquiries about the continuing failures. Evidently you have to be on the World Bank Board of Directors to get money into Paraguay without hand-carrying it across the Brazilian border with locally leased donkeys, in cash.
Now, every American Tourist who reads this is going to say: "Well we didn't have any trouble with our AmEx checks and Visa cards in Asuncion...". Yeah, well your AVS checks out just fine, fortunately.
Perhaps the sole point of this whole tirade of mine in a PHP forum is this: No matter how eriudite, cool, avant-garde or super-secure your PHP coding is with regard to credit card processing, you can be sure that the fossils in charge of VisaNet will do everything in their power to thwart, stall, deplete or foil the sum of your efforts.
VisaNet is not designed to please merchants in any way, shape or form. They prefer to spend their time suing for repayment of $5.95 DVD rentals in the U.S. than expanding their international scope. Hell, by 2009 there might be at least 20 Paraguayan nationals whose AVS address passes muster, maybe.
Anybody who has had to jump through the PHP hoops to send VeriSign and AuthorizeNet payments (and keep the customers on your own site instead of sending them off to some generic piece of junk ccard page) knows it to be true.
In a merchant-oriented society like ours, where bankers are for some strange reason held in high regard, Open Source is a scary phrase. These are Microsoft/Oracle/Digital folks who actually think that 256-bit encription is worth twice as much as 128. Uh-Huh.
The LAMP (Linux[unix], Apache, MySql, PHP) package is, by far, the most popular, profitable and well-documented platform in the world. Go figure.
|
|
lizardz
Joined: Nov 12, 2004
# Posts: 1394
|
Posted: 2005-Oct-29 23:09
All my experience with banking programming systems confirms what you say, of all the sectors that should have the best programming, this one routinely seems to have the worst, it's something cultural, and I think it's also because among real programmers, a bank programming job is NEVER what they want to do with their lives. Bank programming is at best a stepping stone to real programming job, I have a friend who used it for that, bank -> large security software firm -> finally MS
He's very good, and he doesn't work for the bank, and the bank could never get him, or anybody like him, to work for them.
I believe it's this that causes the problems. Plus banks are very rigid in terms of their management, and I'm sure IT guys also are not that good, since good people do not like working in very rigid structures that do not reward skill and creativity.
Same would of course apply to credit card processors etc, that's what I saw too, worst programming out there, worst websites, everything sucked.
Plus I think a tendency to work with too many corporate solutions, IIS, ASP, JSP etc... not a good combination if quality results are your end goal.
|
|
dirty_shame
Joined: Aug 28, 2005
# Posts: 191
|
Posted: 2005-Nov-01 09:11
Just walk into your local Bank's branch office, demand to see the Branch Manager and ask them what their Branch Routing Number is. If they ask a teller, stutter or cannot answer in ten seconds, immediately rent a safe deposit box, go into the private booth and put a dead Carp in there for about a month.
Then ask them for a short-term loan on the condition that you might be able to improve the smell of their security system.
|
|
lizardz
Joined: Nov 12, 2004
# Posts: 1394
|
Posted: 2005-Nov-01 20:55
I had a nice chat about bank programming with a bank employee, he had previously worked for the networking division, so he had some clue, but since I have a fine nose for a bug, and the issue before us was a bug, we finally agreed that it was a bug. He gave it a good try, I know how that goes, you don't want to give up.
That bank is growing too fast, clearly its IT team was not upto the task of creating a very large network that could successfully communicate with itself under pretty much all circumstances.
This type of failure was pretty dramatic, lost records, no transaction tracking. All because my circumstance was slightly unusual, no real error detection, no failsafe, just failed.
This is a pretty big bank too. Wells Fargo is another one I've seen make major mistakes.
I think the problem is rooted in bank managers having no clue about tech stuff, but wanting rigid bids, rigid schedules, and of course lowest bids for projects, coupled with a really uncreative work environment, and an unpleasant one. That combination is virtually guaranteed to result in failure, and at a minimum, very low performance, with bugs.
The problem is that people think a program is something you buy like a toaster.
These types of failures are very common in large organizations, especially large rigid organizations, and especially in public organizations, government stuff, where the bid is forced down by legal restrictions, forcing vendors to offer absurdly low bids to get the job.
Software is not well done when put out to bid, if a potential client asks me for a bid they can basically go f themselves as far as I'm concerned, I don't want to work for idiots.
|
|
dirty_shame
Joined: Aug 28, 2005
# Posts: 191
|
Posted: 2005-Nov-08 07:59
I agree. Banks (and the inept services they provide) are probably the worst nightmare for a service-based society like ours that is composed of people who are totally dependent upon an incompetent mob of propeller-heads at the highest levels of finance.
But surely we're not that far removed from the S&L bailout, the MCI/WorldCom disaster and the Enron scam to give VisaUSA a free pass to take over screwing businesses in the name of stock market solidarity.
Right in the middle of the Merchant-Merchant Bank-Consumer-Consumer Bank Quartet you have the hydra-headed monster called VisaUSA that adjudicates the transactions according to their own, self-serving rules.
These folks are controlling about 73% of the credit card transactions in the U.S. right now, which is a sizeable chunk of change. Given that, AuthorizeNet and Verisign are just plebeians by comparison or middlemen at best.
So what do you say to your clients who want to jump into the fray with these cannibals? They MUST accept ccards to succeed yet...they are going to suffer big cash hits when VisaUSA (automatically and without warning) extracts whatever they want from the account you put it into (up to) twelve months ago.
Actually, the biggest problem is their AVS requirement, which is kind of like being interviewed by the Spanish Inqusition Board of Directors. Not only do they not posess the information you give them, they just don't care one way or the other. It's moot. They charge you anyway.
The difference is that with PHP and SSL and a good platform, all this happens in two seconds on your end. On their end, the guy who was supposed to enter the address change left early after his Davis-Bacon sandwich and your customer believes...them. Why? Because they send them money every month.
The end result of this scenerio is that the customer doesn't get what they want, the merchant sells nothing and VisaUSA charges everybody for using their service anyway. What a great idea.
What's happening is that PHP and the modules it can use (and the LAMP combination in general) are actually more sophisticated than what the banks use. Banks and banking institutions are slow, plodding, ritualistic animals that cannot do anything rapidly. Try to send a 128-bit encrypted card number to China sometime. Nada (Hell, the Chinese Government would take a month ruminating over that).
I'm going to write the perfect PHP code for banks that identifies the lat/lon of the user-agent, measures the current ambient temperature outside their building against Google World stats and the Weather Channel then asks the user for hat size, shoe size and second-to-last mothers maiden name, password, SSN, PIN, secret hint, favorite flower and how many molecules in a Mole. Then I'm going to encrypt it 20 time with everything from MD5 to Blowfish and send the whole works to them over a secure, dedicated land line.
If you wish to participate in this program like this, please do not contact me, ever.
|
|
You are not permitted to post messages in this forum or topic, because of one or more of the following reasons:
- You have not yet logged in, or registered properly as a member
- You are a member, but no longer have posting rights.
- This is a private forum, for which you do not have permissions.
If you are a recent member, it's possible that you simply have not yet confirmed your account. Please
check your email for a message entitled 'JimWorld Forums: Confirm Your Account' and follow the instructions
contained within.
If you cannot find this message, click here to Re-Send it.
|
If you are still experiencing problem, please read the
Login Assistance
Article for some advice on what may be causing your login not to work properly.
|
Switch to Advanced Editor and ...
Create a New Topic
or Reply to this Thread
|
|
Inbox
