I have a potential new client with an existing website where customers enter credit card information into an unsecure form and then email the cc information to the client. I don't feel comfortable with this approach, but if I could deal with it, the rest of the website is easy.
I'm thinking that we need at a minimum a shared security certificate and an encryption utility such as www.gnupg.org.
We'd enter the information on the secure form and email it to the client, not storing the credit card info anywhere on the server. Am I on the right track?
Can anyone point me to information about how to set up a shared secure server at IH? Will a shared secure server as opposed to our own certificate be adequate? What trade-offs are we making with a shared certificate? Transaction volume is about 1 per day.
How about with gnupg - has anyone done this? Where do I even start? I've installed phpbb and cubecart, is gnupg harder?
I've discussed payment gateways such as PayPal and others with the client and they strongly prefer to get the email.
Suggestions, comments, etc?
I found information about www.gnupg.org and was wondering if this is already installed at InsiderHosting?
Has anyone already done similar?