payment-gateway, pci-dss

Writing my own end-to-end payment processing system


For my final project in college I want to write my own payment processing system. It would have a backend payment processing server and client (merchant) frontend.

I would like to have the backend run and wait for connections/transactions from the client server i.e. the merchant. The backend would then do its magic and send a response to the merchant saying whether or not the payment was authorised.

I am aware of the difference between a payment processor and a bank. I want to develop the payment processor side and not the bank, nor will this system integrate with any real banks or use real money.

In practice the payment processor talks to the issuing bank and gets authorization there. I think I could use a simple DB table of account numbers and balance for this. i.e. does the customer have enough money or not.

I want my main area of focus on this project to be on writing the backend server to be robust and handle requests concurrently. I also want to concentrate on encryption and security etc between client and server. I would like to study the PCI compliance regulations etc.

It is now early November with the deadline for the whole project in mid March 2012.

What do you guys think of my idea and do you think I could achieve something worthwhile given the time?


Solution

  • You could probably do a fairly decent job of mocking one up. In practice, most of the payment gateways wrap a lower level switch with their own communication scheme so they can integrate value-added services like fraud detection. Implementing low-level communication standards is really not required. If you want to do a decent mock-up and not spend time writing a lot of stuff from scratch, stick to the more business oriented tools with Java or .Net.

    I'd suggest making a web service definition using IIS/.Net or Tomcat/JBoss/Java to define how your authorization and settlement is going to work. You can implement just about anything required by PCI DSS using tools available in the .Net/Java core libraries without having to resort to third party libraries.
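As an added illustration of the authorization/settlement core the answer suggests (this is not code from the thread or from any product), a hypothetical in-memory Java class: it holds funds at authorization, captures each hold exactly once at settlement, locks per account so concurrent requests cannot overdraw, and keys its records by a keyed token of the card number while logs and receipts only ever see a masked PAN. The class name, the token key and the balances are all constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical authorization/settlement core for the mock processor discussed above (added example). */
public class MockProcessor {
    /** Cardholder balance in cents; per-account locking so concurrent authorizations cannot overdraw it. */
    static final class Account {
        private long available, held;
        Account(long available) { this.available = available; }
        synchronized boolean hold(long amt) { if (amt <= 0 || amt > available) return false; available -= amt; held += amt; return true; }
        synchronized void capture(long amt) { held -= amt; } // settlement: held funds leave the account for good
    }
    static final class Hold { final Account acct; final long amount; Hold(Account a, long n) { acct = a; amount = n; } }
    private final Map<String, Account> accounts = new ConcurrentHashMap<>(); // keyed by PAN token, never by raw PAN
    private final Map<String, Hold> openHolds = new ConcurrentHashMap<>();   // auth code -> pending hold
    private final AtomicLong authSeq = new AtomicLong();
    private final byte[] tokenKey; MockProcessor(byte[] key) { tokenKey = key; } // processor-side secret (constructed)
    /** PCI DSS style masking for logs and receipts: at most first six and last four digits readable (PAN >= 10 digits). */
    static String mask(String pan) { return pan.substring(0, 6) + "*".repeat(pan.length() - 10) + pan.substring(pan.length() - 4); }
    /** Keyed token (HMAC) replaces the PAN as the storage key; an unsalted hash of a PAN would be brute-forceable. */
    String token(String pan) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(tokenKey, "HmacSHA256"));
            return Base64.getEncoder().encodeToString(mac.doFinal(pan.getBytes(StandardCharsets.US_ASCII)));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    void enroll(String pan, long balanceCents) { accounts.put(token(pan), new Account(balanceCents)); }
    /** Authorization: holds funds and returns an auth code, or null on decline. The raw PAN is never stored. */
    String authorize(String pan, long amountCents) {
        Account acct = accounts.get(token(pan));
        if (acct == null || !acct.hold(amountCents)) return null;
        String code = "AUTH" + authSeq.incrementAndGet();
        openHolds.put(code, new Hold(acct, amountCents));
        return code;
    }
    /** Settlement: captures a previously authorized hold exactly once; the atomic remove blocks double capture. */
    boolean settle(String authCode) {
        Hold h = openHolds.remove(authCode); if (h == null) return false;
        h.acct.capture(h.amount); return true;
    }
}
```

A merchant-facing web service would wrap authorize and settle behind TLS and call mask before writing anything to a log or response; a second settle with the same auth code returns false.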