I intend to use eWay as a payment gateway but I encounter problem after problem in implementing it.
As I don't want to touch credit card details at any point, neither storing nor transferring them via my site due to PCI requirements, I need to redirect users to a page hosted by the gateway. Users provide all the details there and the gateway returns a result confirmation to the page I specified, let's call it payment_done.php.
Now, in payment_done.php I don't know for sure if the confirmation came back from the payment gateway itself or someone just POSTed it to my page and it's a fake. So my page might receive a confirmation, but the payment might not be done at all.
Now in payment_done.php I need to ask eWay whether this confirmation I received (with some specific transaction ID) came from them and, if so, whether the amount is right etc. eWay will return true/false back to me and then I can be sure the payment has been done for the right amount.
Now the problem is that eWay seems to allow querying for this confirmation only 100 times a day.
I seem to have run out of ideas now and am desperately seeking help. What options do I have left? It seems unbelievable that there is no way to make it work without falling into PCI compliance issues, even using a payment gateway hosted page. Thanks in advance for any help.
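
The check described above for payment_done.php, as an added example (not part of the original post and not eWay's API): the POST is treated as untrusted and the gateway's own answer is compared with the order the site stored. `$queryGateway` is a hypothetical stand-in for the gateway's server-to-server lookup; the field names, the order store and the per-order lookup cap are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. $queryGateway is a hypothetical stand-in for the gateway's
// server-to-server lookup; field names are assumptions, not eWay's API.
const MAX_LOOKUPS_PER_ORDER = 3;

function confirmPayment(string $sessionOrderRef, array $post, array &$orders, callable $queryGateway): string
{
    if (!isset($orders[$sessionOrderRef])) {
        return 'rejected';                       // order was not created by this site
    }
    $order = &$orders[$sessionOrderRef];
    if ($order['status'] === 'paid') {
        return 'paid';                           // replayed POST: reuse stored verdict
    }
    $txId = $post['transaction_id'] ?? null;
    if (!is_string($txId) || !preg_match('/^[A-Za-z0-9_-]{1,64}$/', $txId)) {
        return 'rejected';                       // malformed id: no lookup spent
    }
    if ($order['lookups'] >= MAX_LOOKUPS_PER_ORDER) {
        return 'rejected';                       // bound gateway queries per order
    }
    $order['lookups']++;
    // Compare the gateway's answer with the stored order, never with POSTed fields.
    $r = $queryGateway($txId);
    $ok = is_array($r)
        && ($r['approved'] ?? false) === true
        && ($r['order_ref'] ?? null) === $sessionOrderRef
        && ($r['amount_cents'] ?? null) === $order['amount_cents'];
    if ($ok) {
        $order['status'] = 'paid';
        $order['transaction_id'] = $txId;
    }
    return $ok ? 'paid' : 'rejected';
}

// Constructed sample data: one pending order and a fake gateway that knows one transaction.
$orders = ['ORD-1001' => ['amount_cents' => 4995, 'status' => 'pending', 'lookups' => 0]];
$gateway = function (string $txId): ?array {
    $known = ['TX-777' => ['approved' => true, 'order_ref' => 'ORD-1001', 'amount_cents' => 4995]];
    return $known[$txId] ?? null;
};

var_dump(confirmPayment('ORD-1001', ['transaction_id' => 'TX-000', 'amount' => '49.95'], $orders, $gateway)); // forged POST
var_dump(confirmPayment('ORD-1001', ['transaction_id' => 'TX-777'], $orders, $gateway));                      // genuine return
var_dump(confirmPayment('ORD-1001', ['transaction_id' => 'TX-777'], $orders, $gateway));                      // replayed POST
```

The order reference is taken from the server-side session rather than from the POST, so a forged request can only ever target the sender's own pending order.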