Accepting Credit Cards
Started by joesc230, May 20 2010 12:54 PM
4 replies to this topic
#1
Posted 20 May 2010 - 12:54 PM
Hey,
If I want to accept credit cards online through a spry validated form that I created. I already have an SSL, so I'm able to use an https URL for the page that the form is on. Is there anything else I need to legally do to accept credit cards through my web site? All this is for is for customers to send over credit card numbers for manual payments that we make on our end. I don't need it to be automated or anything like that, since we manually charge the card once we receive the info. The form I created would e-mail us the client's payment information, through a FormMail php script - is there a better way to do this?
I wasn't sure if I needed to do anything additional, as far as PCI compliance or encryption goes, or if I'm good to go. Any info would be greatly appreciated, thanks!!
#2
Posted 20 May 2010 - 03:46 PM
QUOTE
The form I created would e-mail us the client's payment information, through a FormMail php script - is there a better way to do this?
If it's emailing you the info, it's not secure.
And if you're storing it in a database on your site, there are a whole host of rules you need to follow.
Your best bet is to only allow people to fax the cc number to you or to have them call. Otherwise, you'll want to use a payment gateway.
#3
Posted 20 May 2010 - 06:53 PM
Check out Mal's E-commerce, a free shopping cart/credit card storage solution. I've used it for years.
#4
Posted 22 May 2010 - 04:17 AM
You shouldn't be accepting cards unless your site is fully PCI (payment card industry) compliant.
SSL alone isn't enough. Can your site read and write files from other sites on the same server? Are all the unwanted ports blocked? Do you have a firewall? There's so much more to taking cards than getting an SSL certificate and taking card details via https.
Lots more.
http://en.wikipedia....curity_Standard
Chances are if you're on a bog standard shared hosting setup you're not going to be compliant.
An external gateway that processes the transactions in realtime would be the best option I'm thinking.
I've seen a big UK-based mobile phone retailer (based here in Loughborough and owned by Carphone Warehouse) store card details UNENCRYPTED in a MySQL database, complete with start date, end date, card issue number, card number and three-digit security code. It stored everything a fraudster would need to make a killing.
I worked there for a very short time a few years ago and was mortified when I saw that. I think that was my last day, saw that, went for lunch and decided to go to the pub that afternoon rather than return to working somewhere so lax with user data.
#5
Posted 17 June 2010 - 08:24 PM
Thanks for all the info! I think I'm just going to junk this idea and stick with what we've been doing. Our site currently runs our booking engine through a fully PCI system, but it only works for people that make initial purchases. I suppose we'll just stick to accepting credit cards over the phone for customers that need to make additional payments.