Current time: 04-17-2014, 12:12 PM Hello There, Guest! (LoginRegister)

Accepting Credit Cards advice
09-20-2006, 12:07 PM
Post: #1
Accepting Credit Cards advice
I'm helping a friend with a website who needs to be able to securely accept credit cards. We aren't looking for any full e-Commerce solutions as there's no particular product to buy (it is payment for some classes she teaches), so we don't want to set up one of the entirely separate eCommerce solutions out there, we just want a way to securely get the credit cards to her, either via her email or a very easy to get to online method.

I've done a lot of Googling on this and can't seem to find any simple way to do this. Does anyone have some suggestions? Currently she takes all other registration information via a form using a generic cgiemail script.
Find all posts by this user
09-20-2006, 01:09 PM
Post: #2
Accepting Credit Cards advice
When you say you don't want a full e-commerce solution, are you saying you don't want a merchant account? (For those, I'd recommend CDGCommerce.com)

If not, then you're pretty much stuck with something like PayPal. I haven't looked into Google Checkout yet, but maybe that could be an option.

Or you could search Google for third party payment processors like 2co (never dealt with any of these).

As far as getting the card info from the site, you'll want to be set up with an SSL cert and a form that encrypts the info with PGP/GnuPG. But... if she doesn't have a merchant account, there's no reason for her to ever see anyone's credit card number. That would be handled by Paypal or whichever processor you choose.

No matter which way you go, just be sure to review that company's TOS to see what their requirements are for how you collect & store customer card info.

--------------------------------------------------------
Tongue Save up to $96 at Dreamhost with ALMOST97 promo code (I get $1).
Or save $97 with THEFULL97.
Visit this user's website Find all posts by this user
09-20-2006, 01:19 PM
Post: #3
Accepting Credit Cards advice
Well, she already has a manual credit card processor. So really the only thing we are looking for is a way to securely get the credit card numbers to her so she can process them.
Find all posts by this user
09-20-2006, 01:44 PM
Post: #4
Accepting Credit Cards advice
Quote:she already has a manual credit card processor
Which is an entirely different process, in the charge card companies' view, than collecting card informatin over the net and processing "card not present" sales. She needs to be very careful regardng the terms of her account if she is considering processing online sales via her manual processor - she is very likely to be operating outside the terms of that agreement by doing so.
Quote:the only thing we are looking for is a way to securely get the credit card numbers to her so she can process them.
"Securely" is a relative term, and the only definition that counts here is "what the charge card company requires". At the most elemental level, she will need an ssl setup (server and cert) to do this herself (as opposed to using a payment processor).

--rlparker
Find all posts by this user
09-20-2006, 03:09 PM
Post: #5
Accepting Credit Cards advice
At the most elemental level, she will need an ssl setup

And a form processor that encrypts the data before mailing it to her. It's very important to not forget this part, as having the credit card number mailed in clear text is even less secure than sending it in plain text over the internet.

GPG is already installed on Dreamhost servers (/usr/bin/gpg) and can be used via whatever language you prefer to encrypt the form data before mailing it. IBM DeveloperWorks has an article that covers encrypting form data with PHP and GPG.

Oh yeah, she'll also need to install GPG on her computer and learn to use it. She may find it faster to have someone teach her rather than trying to pick it up herself.

--
If you want useful replies, ask smart questions.
Visit this user's website Find all posts by this user
09-20-2006, 07:07 PM
Post: #6
Accepting Credit Cards advice
Quote:And a form processor that encrypts the data before mailing it to her. It's very important to not forget this part, as having the credit card number mailed in clear text is even less secure than sending it in plain text over the internet.
Ah! That is a very good point! I had completely forgotten about that aspect, but you are right. Smile

--rlparker
Find all posts by this user
09-25-2006, 07:57 PM
Post: #7
Accepting Credit Cards advice
You might also want to check out http://www.mals-e.com. I have used them for a number of years for a couple of sites that just wanted to securely collect the data. It is a free system.

deb
Visit this user's website Find all posts by this user
11-15-2006, 07:04 PM
Post: #8
Accepting Credit Cards advice
I do NOT recommend 2Checkout. I used them for some years, and was disgusted by the most recent change to their contract. Basically, they now want to have access to their customers' logo and other related images/intellectual property. At that point I let my contract with them expire.

ProPay is better, and has a better web interface, and is much less confusing for novices. They have a good BBB track record. You can email invoices, as well as use a web cart to transmit the coded credit card number, and then enter it online or over the phone. It's not that expensive - $35 a year for the basic package, $60ish for the next level (accepting Amex, Discover, allowing phone processing) plus a small fee and percentage off the top of each sale - and costs less than a traditional merchant contract.

__
If I've been helpful, please check out my discount codes for Dreamhost: with BRUCELEE, you get the maximum discount, less $1 for moi. Or get the maximum discount with WAKEUPTOMONEY.
Find all posts by this user


Forum Jump: