0

Suppose some online retailer uses XYZ Bank's payment gateway. Is it possible to do the job of filling in card details and proceeding through the entire process using a script? If yes, is it legal?

Update: To make the question more clear, I'll give a scenario.

Suppose the retailer we're talking about is Amazon, and I wan to use a card/netbanking (not PayPal). I want to be able to place an order on Amazon using a script which does the job of filling my cart and making the payment. Say the cart thing has been taken care of. How do I automate the payment process now? If it's allowed that is. Card details etc will not of some user, but my own, so no security issues with that I suppose.

absk
  • 643
  • 1
  • 6
  • 15

2 Answers2

1

The payment API would usually support something like this. For example, if we look at Paypal's direct payment api, they provide secure means for you to pass credit card numbers, etc to Paypal to process the payment.

If you are thinking to do this to process recurring payments, then you are doing it the wrong way. You should never store any credit card details unless you are PCI-DSS compliant. This takes a lot of work and auditing, so it is somewhat rare for small and medium companies to do it. For recurring payments, store the credit card numbers with your payment gateway (most should provide a means to do this) and the gateway should return a token to store. Every time you want to charge the card, simply pass the token to your gateway.

Given the new information:

What you are trying to do is to automate the browser (that's the best way to do it). You could write a script that connects to Amazon, loads the page, fills in the POST variable, send it back, get results and so on, but it is not very robust. For example, if amazon changes the name of a few post variables or even the markup, then your script would fail.

The best way to do this is to use a Browser Automation framework. Selenium is prbably the most popular and most well known. It is often used to automate testing user interfaces, but it is also useful for doing something like you are suggesting. You can use Selenium IDE which is a Firefox addon to quickly reproduce and replay recorded actions. For something more advanced and highly scriptable, try Selenium WebDriver.

As for whether this is legal or not, I don't see why it shouldn't be legal if you are using your own credit cards and what not.

Community
  • 1
  • 1
F21
  • 32,163
  • 26
  • 99
  • 170
0

If you are using your own credit card details it's at your own risk so very minimal legel issues. But it's always a good idea to store & transmit(SSL) card details encrypted for some peace of mind. But if it's for wider public you will need to look into PCI guidelines and matching class requirements.

Laknath
  • 470
  • 5
  • 5