Accepting Credit Cards

4 replies to this topic

#1 joesc230


    HR 2

  • Members
  • 14 posts

Posted 20 May 2010 - 12:54 PM


I want to accept credit cards online through a Spry-validated form that I created. I already have an SSL, so I'm able to use an https URL for the page that the form is on. Is there anything else I need to legally do to accept credit cards through my web site? All this is for is for customers to send over credit card numbers for manual payments that we make on our end. I don't need it to be automated or anything like that, since we manually charge the card once we receive the info. The form I created would e-mail us the client's payment information, through a FormMail PHP script - is there a better way to do this?

I wasn't sure if I needed to do anything additional, as far as PCI compliance or encryption goes, or if I'm good to go. Any info would be greatly appreciated, thanks!!

#2 Jill


    Recovering SEO

  • Admin
  • 33,244 posts

Posted 20 May 2010 - 03:46 PM

The form I created would e-mail us the client's payment information, through a FormMail PHP script - is there a better way to do this?

If it's emailing you the info, it's not secure.

And if you're storing it in a database on your site, there are a whole host of rules you need to follow.

Your best bet is to only allow people to fax the cc number to you or to have them call. Otherwise, you'll want to use a payment gateway.

#3 Scottie


    Psycho Mom

  • Admin
  • 6,294 posts
  • Location:Columbia, SC

Posted 20 May 2010 - 06:53 PM

Check out Mal's E-commerce, a free shopping cart/credit card storage solution. I've used it for years.

#4 Mooro


    HR 4

  • Active Members
  • 157 posts
  • Location:Loughborough, Leicestershire

Posted 22 May 2010 - 04:17 AM

You shouldn't be accepting cards unless your site is fully PCI (payment card industry) compliant.

SSL alone isn't enough. Can your site read and write files from other sites on the same server? Are all the unwanted ports blocked? Do you have a firewall? There's so much more to taking cards than getting an SSL certificate and taking card details via https.

Lots more.


Chances are if you're on a bog standard shared hosting setup you're not going to be compliant.

An external gateway that processes the transactions in realtime would be the best option I'm thinking.

I've seen a big UK-based mobile phone retailer (based here in Loughborough and owned by Carphone Warehouse) store card details UNENCRYPTED in a MySQL database, complete with start date, end date, card issue number, card number and three-digit security code. It stored everything a fraudster would need to make a killing.

I worked there for a very short time a few years ago and was mortified when I saw that. I think that was my last day: saw that, went for lunch and decided to go to the pub that afternoon rather than return to working somewhere so lax with user data.

#5 joesc230


    HR 2

  • Members
  • 14 posts

Posted 17 June 2010 - 08:24 PM

Thanks for all the info! I think I'm just going to junk this idea and stick with what we've been doing. Our site currently runs our booking engine through a fully PCI system, but it only works for people that make initial purchases. I suppose we'll just stick to accepting credit cards over the phone for customers that need to make additional payments.

We are now a read-only forum.
No new posts or registrations allowed.