I've been doing some learning on building an eCommerce website. I have a friend who bought an off-the-shelf package but it's tricky to use and needs the support of the IT company to help customize it and make changes on the live site.
As a developer, I find those packages restrictive, especially when the client is asking for specific things - which I know I could do if I was writing the code myself, but which are not possible within the confines of the package.
After thinking it through and taking some advice from another developer, I went down the "build it myself completely from scratch..." path. The bit I didn't build was the payment gateway and security, choosing instead to integrate with PayPal.
The rough prototype works really nicely. There's a product listing page with products broken down by category, a product search, thumbnail images and a cookie-based shopping cart (so the customer's basket keeps its contents if they close the browser).
The shopping cart is uploaded to PayPal where the customer can log in if they have a PayPal account - and make the payment with 2 clicks or securely pay with their debit or credit card. Once the payment is processed, the customer is redirected back to a thank you page where their basket is emptied.
I also set up the PayPal IPN (Instant Payment Notification) which is a message from PayPal containing all the details of the processed payment. This is sent to my site, processed and the data uploaded back into my database - for example to reduce stock, use for reporting or enable a software download to be triggered.
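As an added example (not code from this site), here are the checks an IPN listener can make before a notification is allowed to reduce stock or trigger a download. The field names are PayPal's standard IPN variables; `process_ipn`, the `verify` callback, the in-memory order and stock stores, and looking the order up by `invoice` are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs, urlencode

def process_ipn(raw_body, verify, orders, stock, seen_txns, shop_email):
    """Return 'applied' or a rejection reason; stock changes only on 'applied'."""
    # 1. Authenticity: the listener URL is public. `verify` stands in for the
    #    postback of the unmodified body to PayPal with cmd=_notify-validate
    #    prepended, which PayPal answers with VERIFIED or INVALID.
    if verify(raw_body) != "VERIFIED":
        return "rejected: not verified"
    msg = {k: v[0] for k, v in parse_qs(raw_body.decode("utf-8")).items()}
    # 2. Only completed payments release goods (not Pending, Refunded, ...).
    if msg.get("payment_status") != "Completed":
        return "ignored: status"
    # 3. The money must have gone to this shop's account.
    if msg.get("receiver_email", "").lower() != shop_email.lower():
        return "rejected: receiver"
    # 4. The cart passed through the browser, so compare what was paid with the
    #    order stored server-side (keyed by `invoice`, an assumption here).
    order = orders.get(msg.get("invoice"))
    if order is None:
        return "rejected: unknown order"
    try:
        amount_ok = Decimal(msg.get("mc_gross", "")) == order["total"]
    except InvalidOperation:
        amount_ok = False
    if not amount_ok or msg.get("mc_currency") != order["currency"]:
        return "rejected: amount"
    # 5. PayPal resends notifications; apply each txn_id exactly once.
    txn = msg.get("txn_id")
    if not txn or txn in seen_txns:
        return "ignored: duplicate"
    seen_txns.add(txn)
    for sku, qty in order["items"].items():
        stock[sku] -= qty
    order["paid"] = True
    return "applied"

# Constructed sample data (not real PayPal traffic).
SHOP = "shop@example.com"
def sample_state():
    orders = {"INV-1": {"total": Decimal("19.98"), "currency": "GBP",
                        "items": {"SKU-A": 2}, "paid": False}}
    return orders, {"SKU-A": 5}, set()

def sample_ipn(**overrides):
    fields = {"payment_status": "Completed", "receiver_email": SHOP,
              "invoice": "INV-1", "mc_gross": "19.98", "mc_currency": "GBP",
              "txn_id": "TXN-CONSTRUCTED-1"}
    fields.update(overrides)
    return urlencode(fields).encode("utf-8")
```

In a real listener the set of seen transaction IDs and the stock update would live in the database, inside one transaction, so a resent notification cannot be applied twice.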
The PayPal integration was all quite straightforward, I guess because it's been done so many times before. The fees all seemed reasonable too considering I'd be paying for an SSL certificate anyway and there is a level of trust around PayPal.