I'm about to work with a bank to set up a self hosted payment form. Their requirements and documentation makes sense so far.
On my end of the database I don't record sensitive data such as credit card details.
Question:
I have created a field in my users table called paid, which will contain either a 1 or 0
Should that be enough for the bank?
I'm assuming its like pay-pal where you can put a link inside to run after payment is approved. My script would simply update the - paid - field with a 1 if the payment was a success. ELSE if the payment were not a success it would update with zero and send email to staff and user etc...
Is that the simplicity of it or am I missing something?
This isn't really an answer, since there wasn't a specific question, but my two cents..
Your solution is likely overly simplistic. Consider the following:
Is this a subscription product, a physical, delivered product, or something else entirely? Requirements will be different depending. That you have the "paid" flag on your users table leads me to believe that it is a subscriptions. If so, it is likely misnamed. Instead of "paid", you likely want a flag for "currently subscribed", since the user will actually pay multiple times.
What's the policy for refunds, charge backs, or partial credits?
Does it matter how the user paid or when the user paid?