
Secure online transactions

  • 15-07-2004 4:46pm
    #1
    Registered Users Posts: 20


    Hi, I have a client who wants to be able to accept credit card orders from his website. However, while this service will be useful to some of his customers, the turnover is expected to be low. For this reason, I don't think it's worth paying for automatic credit card processing.

    What I want to know is what is the safest way to accept credit card details without automatic processing. It's no problem putting a form on a secure server using SSL but how do I get these details to the client? Is it secure to simply forward the details from the form via e-mail?? We don't want to store the details on the server. We simply want them to be securely forwarded to the client.

    Thanks...


Comments

  • Banned (with Prison Access) Posts: 13,018 ✭✭✭✭jank


    Why do you want to get the data to the client?

    Does yer man want to have the stuff stored on his own computer?


    Look into SSH (secure shell).


  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    I'm guessing he means from the client to the host...

    Email is most certainly NOT any form of a secure method of sending credit card details, unless you are using something like PGP encryption. Your best bet would probably be a server-side encryption, or OpenSSH...


  • Banned (with Prison Access) Posts: 13,018 ✭✭✭✭jank


    Originally posted by doodle_sketch
    I'm guessing he means from the client to the host...


    I thought SSL would do it here?


  • Registered Users Posts: 7,739 ✭✭✭mneylon


    If the turnover is low you should look at using a 3rd party processor such as 2checkout or paysystems. They provide a secure gateway for the CC transactions.


  • Registered Users Posts: 20 bos


    Thanks for the suggestions. I'd like to avoid going through a third-party to keep costs to an absolute minimum. Just to clarify:

    The shop owner in question sends out printed, mail-order catalogues. He wants to give his customers the option of placing their orders on his website rather than having to post back the printed order form. The budget isn't there to put the whole catalogue online so it's not a shopping cart system. It's simply a secure, online order form.

    I want to collect the credit card information using a secure SSL form. That part isn't a problem. However, I want the shop owner to be able to securely collect this information so he can then process it in the same way as a credit card order over the phone.

    I have read online that the form can direct the information to a secure, encrypted e-mail account on the secure server, which Outlook Express is able to connect to.

    Hosting365 is the host I usually use. Do they offer anything like this?

    If I'm on the wrong track, please tell me the best way to go about what I'm trying to do...


  • Registered Users Posts: 7,739 ✭✭✭mneylon


    Originally posted by bos

    Hosting365 is the host I usually use. Do they offer anything like this?

    You should contact them directly.


    Email is not a secure protocol by its very nature. You can "secure" it more, but unless you are willing to invest time and money in doing so it is not viable.

    The simplest solution would be to store the CC details behind SSL and let the client collect them directly.
    However, unless you are running in a dedicated environment you will never have any real security.
    Using a 3rd party gateway is more cost-effective, as they look after all the security elements for you.


  • Closed Accounts Posts: 237 ✭✭FreeHost


    You could use a secure POP account. Also, most of the big SSL cert providers give a free secure cert for POP accounts. You may have to ask H365 to move you to your own IP based site; you probably have this if you’re hosting an order form on https://


  • Registered Users Posts: 9,579 ✭✭✭Webmonkey


    What about PGP email encryption? Or if you create an encoder to encrypt the data before it leaves the webserver and decode it at the other end. This could take some time alright though.


  • Closed Accounts Posts: 12 ColdFusion


    Why can you not store CC data in the database and create a small SSLed web interface to that database utilizing PHP or ASP or JSP or ColdFusion?


  • Closed Accounts Posts: 2,161 ✭✭✭steve-hosting36


    There are a couple of options:

    1. Use PGP to encrypt the emails so that only the store owner can read them
    2. Basic - use SSL and password authentication to read the cc details using a browser (then delete them)
    3. Less Basic - store orders in an encrypted database, and the store owner can use a password/key over SSL to decrypt and read his orders.

    1 and 3 give you good security on a shared hosting system.
    2 would be fine for most uses, you can integrate an email / sms alert of the order to ensure the details are not on the server for long.

    HTH, Steve
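
Options 1 and 3 in the post above rest on the same idea: the web server encrypts each order to a key that only the store owner holds, so neither the mailbox nor the shared host can read it. An added example of that idea, not code from the thread or from any host mentioned in it: it uses Node.js built-in crypto, with RSA-OAEP wrapping a one-time AES-256-GCM key as a stand-in for PGP. The function names, the inline key pair and the sample order (a test card number) are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Runs on the web server. Only the owner's PUBLIC key is deployed there.
function sealOrder(publicKeyPem, order) {
  const key = crypto.randomBytes(32);   // one-time AES-256 key for this order
  const iv = crypto.randomBytes(12);    // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(order), 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, key);
  // This object can be e-mailed or written to a database row:
  // without the private key it reveals nothing about the order.
  return {
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    body: body.toString('base64'),
  };
}

// Runs on the shop owner's own machine, the only place the private key lives.
function openOrder(privateKeyPem, sealed) {
  const key = crypto.privateDecrypt({ key: privateKeyPem, ...OAEP },
                                    Buffer.from(sealed.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(sealed.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(sealed.tag, 'base64'));
  // decipher.final() throws if the ciphertext or tag was altered in transit or at rest.
  const plain = Buffer.concat([decipher.update(Buffer.from(sealed.body, 'base64')),
                               decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed demo. The key pair is generated inline here only so the example
// runs offline; the owner would generate it once on their own machine.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const order = { name: 'Test Customer', item: 'Catalogue no. 17', card: '4111111111111111' };
  const sealed = sealOrder(publicKey, order);
  return { publicKey, privateKey, order, sealed, opened: openOrder(privateKey, sealed) };
}
```

The form handler would call `sealOrder` and discard the plaintext immediately; a compromise of the shared host then exposes only sealed blobs, not card numbers.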

