CC info in PDF Forms
- Started
- Last post
- 13 Responses
- ETM
A client wants to have customers input CC info in an interactive PDF form and have the customer email it back. I am concerned its not really better than having them send the info in an email itself. Either way its not secure.
Any suggestions to make this more secure without burdening the customer?
- hans_glib0
Ask him to send you his cc details on a postcard. when he objects, explain that it is the same for an emailed pdf. Unless there's some natty script that the pdf can encrypt the info automatically. but even then, the pdf is out there in the public domain...
- ETM0
Alright, what would Jesus do?
I have no time or budget to setup a proper secure form online. They're willing to manually process the CC info on site, so I just need to get the PDF form and cc numbers to them in a secure fashion.Any online services? Maybe there is an obvious answer I am over looking, but I am swamped and this was an unwelcome distraction today.
- ETM0
Curse you all. Someone else please do my thinking for me! :D
- SteveJobs0
use an upload form to send the pd over ssl - secure.
- lukus_W0
I wouldn't do it.
1 The information will be unencrypted.
2 Sending and storing the information in this way is most probably illegal.- Tell the client, if they want to process CC info they'll have to either find a budget or get the customer to call them using a phone.lukus_W
- phone.lukus_W
- A phone?!?... what about the wire taps and G men?ETM
- hmmm.. you've got a point. Maybe suggest they go home early and forget about it instead ;)lukus_W
- Hmmm... you seemed eager to drop it. Anything you're hiding?ETM
- Yes, I'm actually your father!!lukus_W
- detritus0
I must admit, I was wondering on the illegality, or at least the breach of covenant your client has with his Payment provider.
It's been a while since I've had my head in this space, so thought better than to mention it and possibly send someone down a blind path.
For sure though, I recall reading through all the contractual bumph we got when setting up merchant facilities through our bank and remember thinking I had to get our ecomm solution EXACTLY right, otherwise we'd be in shit and liable for it.
- lukus_W0
I know that one of the main benefits of dealing with a payment providers (i.e. google checkout / paypal etc.) is that they take away the hassle of having to be able to certify that your server meets security best practices.
If you want to store CC info yourself - it's not a simple process:
- lukus_W0
Also, check out these posts: http://stackoverflow.com/search?…
- ETM0
Thanks guys. I certainly know that what they want is not going to happen (by me anyway) and that its potentially illegal and likely violating CDN privacy laws.
I am aware of what is required for both processing transactions locally or with a 3rd party. Done it many times. However, I was just looking for a fabled option C today that maybe Adobe had done something I wasn't aware of in securing PDF forms.
Oh well.
- SteveJobs0
do you/they not have a directory behind https that can be used to upload the file? this would meet their reqs and yours with little effort
- ETM0
See now you're talking. Keep the PDF form so I don't have to build the web version (cause it's a lot of fields), create a simple upload page... maybe it'll work.
- haha, that's what i recommended a few posts up. anyway, it will def work if they have ssl.SteveJobs
- Missed that totally. Sorry...ETM
- Problem is storing the card info though.. that PDF 4 posts up lists the requirements you need to meet.lukus_W
- Sorry, I'll shut up now: don't mean to be down on the idea.lukus_W