A former colleague made an online shopping app. Boss wanted to promote him to Senior Developer when he still working with us.

14 days ago another colleague checked the code and told the boss that it's ready for production. No one asked me because everyone in the company thinks am the stupid developer of them all.

So what happened?
Well the total value of the cart was being over to payment gateway using a hidden field. Well you know the rest of the story.

The client has sued our company for this issue and boss came running to me and asked me to check if it was our fault or something else.

I checked and found the hidden value where the total value of cart was being stored and send over to payment gateway. The following is the conversation between me and the colleague who checked the code:

Me: So you checked the code and everything was okay?
Him: Yes, all good.
Me: Did you see this hidden field where the total value of cart is being passed to the payment gateway?
Him: Yes
Me: Why didn't you fix this?
Him: What's there to fix?
Me: Well someone can temper the value and let it pass to the payment gateway.
Him: No, they can't we are using https
Me: I' am done with you

He has Masters in software engineering and has few security certificates.

This motherfucker tried to fuck me!

Ok, here's the full story.
I applied for a quick job as freelancer. He told me I just had to implement stripe payment gateway. After finishing that he asked to save the user data from payment to the database, too. I added that. All the way he wanted me to work on his ugly project on a rotten server through cpanel. But I refused instead I uploaded a showcase environment on my own server.
After he tested my code and all was working as expected he again tried to make me implement the code right away into his retarded project before payment. When I mentioned that he has to pay me first he started bitching that he won't pay in advance.

At this point I left that fucker. Knowing that my feeling was right and this bitch never had the intention to pay for my work. He just wanted to steel my code.

Fuck you. I hope you get eaten in your bed by very hungry slugs one day. Like this one guy here on devrant.

I thought there was no worse freelancer site than fiverr.

*insert "Boy you were wrong" here*

freelancer.com

No. Just No.

- Limited to 8 bids as a free account
- You get 1 bid back every 90 FUCKING HOURS
- CLIENTS ARE EVEN MORE RETARDED THAN ON FIVERR
- HALF OF PEOPLE WANT YOU TO SELL YOUR UPWORK ACCOUNT TO THEM
- 5€ FOR 2000 WORDS OF TRANSLATION? ARE YOU FUCKING KIDDING? END YOURSELF PLEASE
- "Design a custom social network (video chat, chat, forum, shop and payment gateway) quick!!!" for 100€, within one day.

What the fuck.

AAAAAAAAAAAAAAAAAHHHHHHH

Well on my first job we had to integrate payment gateways in client apps for online payment. On my second week in office I published an app on the play store with payment gateway credentials for a different client cause they were there as default values. So the money for one client would go to the other. Nobody noticed it for two weeks and when they did, I thought I had just lost my job and also I would now have to pay all the losses out of my pocket but fortunately I didn't have to cause no transactions​ had yet been made. After that I always checked my integrations atleast five times before publishing. The incident scared the shit out of me but taught me the value of developer responsibility.

I was on vacation when my employer’s new fiscal year started. My manager let me take vacation because it’s not like anything critical was going to happen. Well, joke was on us because we didn’t foresee the stupidity of others…

I had to update a few product codes in the website’s web config and deploy those changes. I was only going to be logged in for 30 minutes to complete that.

I get messaged by one of our database admins. He was doing testing and was unable to complete a payment on the website. That was strange. There was a change pushed by our offsite dev agency, but that was all frontend changes (just updating text) and wouldn’t affect payments.

We don’t want to enlist the dev agency for debugging work, especially when it’s not likely that it’s a code issue. But I was on vacation and I couldn’t stay online past the time I had budgeted for. So my employer enlists the dev agency for help. It’s going to be costly because the agency is in Lithuania, it was past their business hours, and it was emergency support.

Dev agency looks at error logs. There are Apple Pay errors, but that doesn’t explain why non Apple Pay transactions aren’t going through. They roll back my deployment and theirs, but no change. They tell my employer to contact our payment processor.

My manager and the Product Manager contact Payroll, who is the stakeholder for our payment gateways. Payroll contacts our payment gateway and finds out a service called Decision Manager was recently configured for our account. Decision Manager was declining all payments. Payroll was not the person who had Decision Manager installed and our account using this service was news to her.

Payroll works with our payment processor to get payments working again. The damage is pretty severe. Online payments were down for at least 12 hours. Our call center had logged reports from customers the night before.

At our post mortem, we had to find out who ok’d Decision Manager without telling anyone. Luckily, it was quick work. The first stakeholder up was for the Fundraising Dept. She said it wasn’t her or anyone on her team. Our VP of Analytics broke it to her that our payment processor gave us the name of the person who ok’d Decision Manager and it was someone on the Fundraising team. Fundraising then starts backtracking and says that oh yes she knew about it but transactions were still working after the Decision Manager had been configured. WTAF.

Everyone is dumbfounded by this. How could you make a big change to our payment processor and not tell anyone? How did our payment processor allow you to make this change when you’re not the account admin (you’re just a user)?

Our company head had to give an awkward speech about communication and how it’s important. The web team can’t figure out issues if you don’t tell us what you did. The company head was pissed because it was a shitty way to start off the new fiscal year. Our bill for the dev agency must have been over $1000 for debugging work that wasn’t helpful.

Amazingly, no one was fired.

Client: Yo, there's like a 30k difference between the invoices in the application and paypal.
CTO: Yeah, that's really sad. Btw, did you know that our payment gateway supports credit cards, which won't be shown in paypal?

I'm writing this in a funny tone, but I was the person who basically implemented every aspect of accounting in that application, so I praying silently 😅

The company I work for is requiring customers to submit credit card info in an online form which then gets stored into our "secure database". Which employees then pull and charge the card later on. They're also telling customers that the form is "encrypted". This is all because they're too fucking lazy and not patient enough to wait for someone to integrate a payment gateway. This is a lawsuit waiting to happen.

Laravel payment gateway
Ep 2 (part 1)

ps: all chats are dummy of the original of conversation and a little bit exaggerated but they are close to the original facts

had an issue where our clients payment gateway would duplicate the charge (at the gateway...not at the application) before sending it to the bank officially - the bank would detect the duplication then void both charges.

the gateway service admitted this was a bug, the bank it was tied to admitted it was a bug - but they wouldnt fix it. so my solution was to send a special uid with the original transaction (put it in a special field) and had the bank track that one as the "known good"

the funny thing? next version of the gateway api included this as a feature, but i got no credit.

Massive payment gateway (not gonna say names) with more then 10k transactions / hour telling md5 is one of most secure encryptions they have. Only to made worse by the fact that they send the key and hashed key in the same request.

I am advising all our clients to change payment gateway asap if they use this one.

Boss: We need to disable CSRF and any other form of security, because that shitty, insignificant client has a website that is abomination anyone's eyes, can't pay because of the iframe thingy.

Me: I'd advice against it. This is a significant security issue that just screams to be exploited and there has to be a solution, but idk much about this situation.

Boss: Idk we need to kiss every clients ass till they come. Remove all the security

Me: *Just wants to get home, last one in the office besides the boss* fine
*removes it, deploys and gets the fuck home*

...2 weeks later

Payment gateway: Yeah, we blocked your account, because someone was trying to purchase 30k product in a span of 1h

I'm not even mad about that, but rather about the fact I fucking called it.

* Achievement unlocked: Targeted by scammers

P.s. no major damages, cause the guys from the payment gate understand shit about security.

I’m LOLing at the audacity of one of our vendors.

We contract with a vendor to build and maintain a website. Our network security team noticed there was a security breach of the vendor’s website. Our team saw that malicious users gained access to our Google Search console by completing a challenge that was issued to the vendor’s site.

At first, the vendor tried to convince us that their site wasn’t comprised and it was the Google search Console that was compromised. Nah dude. Our Search Console got compromised via the website you maintain for us. Luckily our network team was able to remove the malicious users from our search console.

That vendor site accepts credit card payments and displays the user’s contact info like address, email, and phone. The vendor uses keys that are tied to our payment gateway. So now my employer is demanding a full incident report from the vendor because their dropping the ball could have compromised our users’ data and we might be responsible for PCI issues.

And the vendor tried to shit on us even more. The vendor also generates vanity urls for our users. My employer decided to temporarily redirect users to our main site (non vendor) because users already received those links and in order to not lose revenue. The vendor’s solution is to build a service that will redirect their vanity urls to our main site. And they wanted to charge us $5000 usd for this. We already pay them $1000 a month already.

WTAF we are not stupid. Our network service team said we could make the argument that they do this without extra charge because it falls in the scope of our contract with them. Our network team also said that we could terminate the contract because the security breach means they didn’t render the service they were contracted to do. Guess it’s time for us to get our lawyer’s take on this.

So now it looks like my stakeholders want me to rebuild all of this in house. I already have a lot on my plate, but I’m going to be open to their requests because we are still in the debrief phase.

So, company I work at, is on desperate need of PHP developers, who can work in WordPress and Magneto. Company announced vacancy.

Only 20 CVs were dropped 4 days before from today. So company called all of them for interview and I was one of the interviewer. Most of applicants told me that they know Laravel but not WordPress.

I was like fine. Maybe they can work on WordPress too. But I was wrong. Here are some funny interviews:

Me: how many types of inheritance does PHP support?
Applicant 1: 7. Single, multiple, etc..

Me: Do you know difference between interface and abstract class?
Applicant 2: (he just said some gibberish)

Me: why do u prefer Laravel to WordPress?
Applicant 3: because by default Laravel support payment gateway, so we can create e commerce application faster. WordPress doesn't support payment gateway.

Me: how many WordPress site you have worked on?
Applicant 4: I have 4 themes in WordPress.org
Me: Do you create all of them by yourself?
Applicant 4: Yes
Me: Do u know difference between require and include?
Applicant 4: No
Me: Do u know difference between query_posts and WP_Query?
Applicant 4: No
Me: (facepalm)

Laravel payment gateway
Ep 2 (part 2)

ps: all chats are dummy of the original of conversation and a little bit exaggerated but they are close to the original facts

Working on a new payment gateway for one of my customers, and it turns out that instead of just specifying the parameters for what to include in the API call they want you to use their drop-in module for it...which is still written in PHP 4 and hasn't been updated since 2011. Also turns out that they only accept data formatted in XML.

Not insurmountable, but more than I feel like dealing with right this moment...

Client: can you build a website like that for the MissWorld competition and it should have a payment gateway.
Me: what other requirements do you have?
Client: hmmn..just something to showcase our agency.
Me: what's ur budget?
Client: around $100
Me: ** you must be kidding **

Why do payment portals never work correctly?
I just wanted to pay for a service (monthly fee, but you can pay manually), and after the very last step, the fucking site just got stuck at a loading circle. 🤨 Now I have no idea if the payment got through or not.

So marketing department what our team to create a payment gateway from scratch, and must use our own programming language...

Personally , create a programming language is good idea but is time consuming and buggy

Well i am working as an intern at this startup. Initially it was all simple crons and database. After one month one of the founder asks me to map two tables, create an api, integrate a fucking payment gateway and i am now left with a lot of work and confused state of mind.

PS: i am first year cse student

When I started doing frontend development, I was quite shocked with how people managed to cowboy code their way into building fully functional products with a decent paying client base.

I am talking about fully function SaaS with payment gateway and all, but no version control beyond full backup copies, and spaghetti code everywhere you can literally bring the website down trying to change the homepage design.

... and the startups that managed to do better, some of them forgot the .git on production exposing their entire source code *facepalm*

Payment gateways are such a big pain to implement. Docs say that they will return values A,B,C but what you end up recieving is X,Y,Z.
And don't get me started on the webhooks, man they return values completely different values from the api end points and with no reference what so ever to the fields returned by them.

Wish i could get the documentation writer's address and may be the dev as well!!

Friend: I have a idea that will make us millions!
Me: okay, what is it?
Friend: oh its very simple, what I need you to do is build a payment gateway that supports X billing platforms, Y security protocols, crash proof, blah blah blah... Should be done in a week right?

What's the most popular online payment method in Malaysia? I'm Chinese developer, creating an ecommerce product for Malaysia.

How long do you think it'll take to build shopping cart capability, order management system and integrate into a payment gateway with 1 backend developer and 1 front-end developer?

If there are any readily available libraries or OSS for these, please let me know.

Elavon payment gateway was pretty awful.

Expectations: "I will just implement a simple checkout with this payment gateway API, it should be easy to get it working. Probably a day or two at most"
Reality: Spend a week fighting with the SDK, the rest API, and the incomplete documentation just to realize you'll need to fork and fix the fucking official SDK just to make it work.

!rant

When making an ecommerce site, what platform do you guys use? WooCommerce, Magento, Shopify, ....

Or do you just start from scratch with a payment gateway such as stripe or icepay

Just fucking hate how expensive and hard to find a cheap SMS gateway

And as in cheap, I mean cheap as send email

I found Cheap Global SMS and it doesn't have a professional website nor a good API but it is way more cheap

Downside? I must pay with a payment gateway made by the same company (coincidence?)

And NO WAY I'm sending my id to a payment gateway that no one uses

I'll try sending some random image to see if they accept it

But, still, no confidence to put my credit card in there

Hating WooCommerce at the moment. Have to update a private CC payment gateway plugin to do tokenization and subscriptions. The examples are pitching errors and deprecation notices, not all steps are being shown, and the example plugins aren’t providing any useful hints, either...

Last thing I need to deliver before Christmas; looking to be a long night...

Urrrgghhh! Payment Gateways. Why can't they be a simple as Stripe. 😥

Related to the project in my last rant...

Project got delayed for about a month in total because the API for the payment gateway wasn’t allowing charges against stored cards. Could save, modify, and delete them, but no charges.

After a week of trying to get things working based on the documentation, I get in touch with the vendor (great people) who file a support request with the people running the processor so we can see what’s up. Long story short, that amounted to 3 weeks of getting ignored until the vendor raised hell on my behalf, only to get the following reply back:

“You’ve been using the dev credentials, try it on live transactions instead!”

Thankfully, we’re able to move the customer to another processor under the same vendor, where I already have all the requests figured out...

Because you maintain a WooCommerce payment gateway plugin, a user contacts you to ask if it can do something that seriously extends the basic checkout functionality.

An e-mail conversation ensues to clarify the nature of the request and see if it is even remotely in scope for the plugin (it isn't).

Final e-mail from the user ends with, "It really isn't all that hard. I think you can probably knock it out in a day or two. ;)"

Fuck the bureacracy.

It's so difficult being an solo entrepreneur due to outdated bureacracy.

I just wanted to have a current/ business bank account to separate txns related to the business from my personal account and GST ID to officially register the business and also avoid headaches with taxes in the future.

However, If you want business bank account in the name of business, you have to have an official registration for the business and GST is the easiest and affordable way for sole proprietorship. Since my work is basically online and can be done remote, it doesn't make sense to waste money renting or buying an office space, getting electricity coonection or pay other related expenses which is necessary to have to show as proof of existence.

So I went ahead and purchased a virtual office plan and applied for GST with required documents. However, the bureacrat rejected the application. The informed about it to the biz where I purchased this virtual office and they had a meeting with the bureacrat and they were told virtual office address can't be allowed.

They told had no such issues in last few years and now on they are gonna have to stop providing virtual office to register GST. That was one of the main reason people went with virtual office.

Now I won't be able to open a business bank account.

I won't be able to signup for payment gateway networks. They ask for GST ID.

I won't be able to complete Paypal business registration.

I may have to expose my personal address on invoices or otherwise lie on it.

I will have to use my savings account for any expense related to it.

Also by end of this fiscal year, I probably gonna have to deal with tax issues.

The new project was started.

Planning, analysis, design.... all right.
Now contacting all the companies for partner programs, finding payment gateway that will agree to work with our country.
For fucks sake. third week goes, and still no code writing. Just researching, contacting, researching. Urgh.

I want to code already! I am just
a backend/DevOps person! When it would be coding time?!

Previous job I worked, we had a system for taking bookings. I may have made a slight miscalculation in implementing the payment api. Which resulted in people being double charged, undercharged etc. Tbh the payment gateway was ancient and we had to grapple with their SOAP API not fun. But just shows we all made mistakes, suppose it's how you deal with them, when they crop up that defines us as devs.

I have a task:
Make a feature to gather donates at web site through debit cards and e.t.c.

Additional conditions:
There is no company to register the payment gateway.
U need to find the one that would agree to work with physical person in Russia.
It needs to accept payments in USD and EURO worldwide.

Just last week I made a webstore app to host some premium WordPress plugins and I'm using PayPal as payment gateway. Today I received an email that PayPal has put limitations on my account and wants me to provide them with some more details.

I haven't sold any plugins yet and PayPal putting their limitations...like what the hell man.

Fuck You Moneris. You piece of Sh*t payment gateway

I need an advise for my capstone project. I'm planning to make an online booking system for a ferry company. Planning to make it for android and ios and maybe for web too. Did some research and found about ionic. Looks amazing but not sure if it's the right tech to use for my plan. Also about the payment gateway, I want the customers to pay on the app or the website directly without redirecting them to other website. Not really sure if I can use paypal with this, also i need the system to accept mastercard and visa.

I did the research, so please no hate, I'm not asking for the code. I just want to know the right tech to use. I'm just super confused and lost right now.

What payment gateway does the Google pay use ? I couldn't get a clear answer

Overheard this morning from a desperate developer trying to find credentials for an undocumented payment gateway: "I found a random email address for someone who was at some point our account manager in documentation from 2012. I emailed it."

Does anyone here have experience with the eBay iOS or Android app, specifically with setting up alternate payment gateways on eBay (other than PayPal) to collect payment on purchased items? I have a client who for various reasons can no longer use PayPal to collect payment on eBay. On purchases made via the website on Desktop there are no problems with Authorize.net. But when people try to purchase via the app specifically, they are given a stupid and unhelpful message to use the desktop browser purchase experience instead. For the client it is costing about 60% of potential eBay sales.

Everything I’ve been reading on eBay’s own forums and elsewhere shows that this is an ongoing and unsolved issue for a lot of store owners and eBay seems to be in no hurry to remedy it. I’ve been over this several times with multiple eBay support reps but all I get are inconsistent and misleading answers. Or maybe I’m just not asking or searching right and the answer is out there somewhere. Any advice?

does anyone knows how the FUCK to integrate Rails with MidTrans?

I don't hate rails, I just don't know how the FUCK to integrate it with my local payment.

I want to open a store aimed at the US audience and accept payments from there. Please tell me who uses which payment gateway? and what is the conversion of payments when making payments from the US

Lets just say that Stripe payment gateway or paypal doesn't work in your country, but you have to accept payment through credit/debit cards like martercard/visa and Paypal in your web app or mobile app. How would you do it?