SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Guru
    Join Date
    Dec 2001
    Location
    San Diego, CA
    Posts
    617
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    simply taking cc info

    Low volume, no real-time transactions. I am doing a proposal for a site that needs a registration system for seminars. They want to accept the CC info and manually run the cards in office.

    Do I store this in a DB? If so, how do I make sure they are safe? That doesn't seem like the best answer to me.

    Do I email it? Emails aren't secure. Or is there a way to make them secure?

    The only idea I came up with is emailing half the CC and storing the other half. Client gets email notification saying there is new purchase. They go to admin page to retrieve rest of info. Delete info from DB once they have the order in office.

  2. #2
    + platinum's Avatar
    Join Date
    Jun 2001
    Location
    Adelaide, Australia
    Posts
    6,441
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Secure server, and ensure the transaction of numbers is encrypted. As well as the card number itself (perhaps using some custom encryption as well).

    Don't send it by email though. And if you are on a shared server, storing it in a db would be a tad risky (although it has to be stored somewhere along the line)

    If you were storing it in a database, it would want to be a company managed (and stored) server (or something along those lines) make sure it's seperate from anything else used only for the cc numbers and that the server is very secure in terms of being setup and managed correctly.

  3. #3
    Texan at Heart Corey Bryant's Avatar
    Join Date
    Sep 2003
    Location
    Castle Rock, CO
    Posts
    2,491
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How long until the time that the person submits the CC to the time that the CC needs to be ran? There is something that is called pre-auth. This verifies the money is there for Your Company and holds the money for Your Company. And then you can sign into a virtual terminal & do a sale for Your Company. Depending on the issuing bank, the pre-auth holds the money from 3 days to about 3 weeks or so. And all of this would be stored securely on a gateway.

    If they have a brick & mortar account though & they are trying to "get away" without having to get an internet account, they need to be careful. One, the keyed transaction might be a lot higher than an internet discount rate. Two, if the processors sees more keyed transactions than swiped, the processor might decide to up the discount rate.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •