"Safe" way to handle CC without a Merchan account
- Started
- Last post
- 17 Responses
- fusionpixel
I know there are risks for not using a merchan account or for processing Credit cards over the internet. But say you HAVE TO process a credit card and mainly have it emailed to some one else throught the browser. whare are the items I should look for? this is a really low traffic site so having some one really break into the sistem would be kinda hard.
TIA
- UndoUndo0
packet sniffing over yr network isnt hard and they can get all the details from yr email. not recommended
- version30
there isn't one
- fusionpixel0
yeah, i figured it wasnt safe, is it fair to create the script and then have the client sign a release form where they state that they understand the script can be hacked?
- mrdobolina0
can't they just use paypal or some other intermediary?
- UndoUndo0
the script isnt necessarily hacked its more that the info in the email is 'listened to' giving away the info. SSL aims to tackle this problem on some servers but this doesnt cover outgoing email
- fusionpixel0
Thanks for the comments, all my fears have been proved. I will push for paypal and if they still insist I will have to have them sign a release form just to cover up my butt.
Thanks
- fusionpixel0
one more question, So what do companies like PayPal, Secure Guards and Verisign protect themselves from people stealing the credit card information?
Does anyone has a general idea or links to this kind of information?
- UndoUndo0
HTTPS on SSL and shit loads of encryption
- fusionpixel0
thanks, i guess another alternative would be writting the information onto a database and after the payment has been processed by the client they should delete the information fromt he database.
Im pretty sure this will bring the same security holes if some one breaks into the database.
sigh...
- UndoUndo0
if you hold payment details like that you also come under the 'data protection act' and have more legal responsibilities in the UK, i'm sure it is the same in the US
- fusionpixel0
i guess theres no way out. rather leave it to the experts like verisign or paypal and avoid any problems
thanks!
- version30
verisign owns paypal now, you can feel safer
- ldww0
it is illegal to store credit card numbers in a database which is not protected.
do not do it, its not smart. be smart.
- joyride0
I thought ebay owned paypal??
But, you can use some third party payment processors. http://www.2checkout.com is one I've used it a couple times.
- UndoUndo0
Paypal is also free to setup(others arent) and really easy to integrate into your site.
- fusionpixel0
yeah, i've used paypal almost on a daily basis, its just one of these occations where people ask, "what if...?" and you tell yourself that its not a good idea but you still want to get more feedback from other people
cheers
- mr_snuggles0
personally, I'd wear gloves and possibly goggles too...