secure connections

nightmares · November 23rd, 2007, 03:32 PM

Hi all

I'm a fairly new web designer; I just recently learned html/css/php. I'm wondering how you go about setting up a secure connection to send credit card numbers/other secure info. Can it be done using php? Do you need to set something up with the server? Are there third parties who have services to securely accept credit card numbers for you?

Thanks for any info

welshstew · November 23rd, 2007, 03:55 PM

If you want to do this yourself then you need to purchase a SSL certificate. I have had no experience with this myself, but someone will be able to help I'm sure.

There are plenty of thrid parties out there that can take the details and pricess it for you, two of the biggest being worldpay and paypal, but there are plenty to choose from.

It will all depend on what you are looking to do to what software you end up using. If you can give a bit more detail about the end goal / objective then we will be able to help more.

dab42pat · November 23rd, 2007, 04:20 PM

Agree with above post

. IMO paypal is probably the easiest and cheapest option to set up, plus all the security is handled by paypal.

nightmares · November 23rd, 2007, 05:00 PM

Sorry about the lack of detail.

I'm creating a small site for my uncle's company, and it needs to include an order page which takes credit card numbers. I know how to do everything for the page except I know that you shouldn't send credit card numbers over non-secure connections, so I'm wondering the best way to do this (for someone with no experience in secure connections).

I'm probably going to buy the cheapest package from icdsoft.com to host the site. The icdsoft page says that "SSL has been activated for the server your account is on by default. You can securely access pages of your site by using https://your_domain.com" Does this mean that I simply have to add the "s" in https and the connection will be secure?

Thanks

Corey Bryant · November 26th, 2007, 07:10 PM

If the client is in the United States, a merchant account with an electronic payment gateway (Linkpoint / Yourpay, Payflow, Authorize.net / Cybersource) might be better, especially if you are doing more than $1,000 a month.

Basically: The electronic payment gateway will take the credit card number and submit it to the transaction processor. The transaction processor might authorize / decline the transaction or it will send it to the card association for processing. Once done, the process flows back downhill.

You can add the https:// to your URL as well for a secure connection. However, usually your own SSL is better, one being that the consumer sees your URL in the browser, and not a generic one. Don't be afraid to put a little money into the business.

I would not suggest emailing the credit card number, either. Just because it is https, it does not mean the email is secure. And if you have the consumer send the CCV, you will be apt to fines by Visa / MasterCard.

If you are wanting to key in these transactions because you don't think you will have many, contact your merchant account provider for an Internet merchant account. Keying in these transactions might be against your merchant account agreement and you might risk losing your merchant account, and getting on the MATCH list. Chances are it will only cost you about $15-$25 extra a month for an Internet merchant account.

Otherwise, check into Paypal's options for whatever country the merchant is in. Almost any processor will be better than emailing credit card numbers.