SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    help me with this stupid client

    I have a client who has a product and I'm tasked to create a landing page to promote this. The client is now asking me to create an order form that will take the user's name, address, (shipping, billing), email and credit card, coupon code, etc. I said we should use paypal/authorize.net/formsite or something to take these info esp. the credit card but she just wants it sent to her email and that way she can process the info manually and let it go through the call center. I have a feeling this goes against PCI security standards.
    Is it okay to have users enter their credit card info on this site and just send it to her email? What should I do?

  2. #2
    Just Blow It bronze trophy
    DaveMaxwell's Avatar
    Join Date
    Nov 1999
    Location
    Mechanicsburg, PA
    Posts
    7,264
    Mentioned
    115 Post(s)
    Tagged
    1 Thread(s)
    I would advise her she is opening herself to potential legal issues because email is an insecure medium.
    Dave Maxwell - Manage Your Site Team Leader
    My favorite YouTube Video! | Star Wars, Dr Suess Style
    Learn how to be ready for The Forums' Move to Discourse

  3. #3
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by hkim45 View Post
    I have a feeling this goes against PCI security standards.
    It does.

    Is it okay to have users enter their credit card info on this site and just send it to her email? What should I do?
    Heck no. email is inherently insecure. Set up a proper payment gateway.

    If you are still unable to convince the client, then decline the job. Ultimately, the legal responsibility would fall to you if something should happen. It's not something you really want to be liable for.

    Here are a few other threads on similar topics, which may offer some insight and advice:

    http://www.sitepoint.com/forums/busi...ry-725888.html

    http://www.sitepoint.com/forums/php-...ea-598349.html

    http://www.sitepoint.com/forums/busi...rm-748675.html

    http://www.sitepoint.com/forums/php-...on-741290.html

    http://www.sitepoint.com/forums/ecom...ds-680615.html
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  4. #4
    SitePoint Zealot alicia101's Avatar
    Join Date
    Oct 2001
    Posts
    168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You need to inform her that she's going to be legally liable if those credit card numbers are compromised. CC info needs to be contained completely securely throughout the lifecycle.

    Clients used to request this 10 years ago, cant believe that some are still doing it.

    Alicia

  5. #5
    Just Blow It bronze trophy
    DaveMaxwell's Avatar
    Join Date
    Nov 1999
    Location
    Mechanicsburg, PA
    Posts
    7,264
    Mentioned
    115 Post(s)
    Tagged
    1 Thread(s)
    I think this thread has run it's course - the OP obviously either got the answer he wanted or found it elsewhere. Since he hasn't come back in over a month, THREAD CLOSED
    Dave Maxwell - Manage Your Site Team Leader
    My favorite YouTube Video! | Star Wars, Dr Suess Style
    Learn how to be ready for The Forums' Move to Discourse


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •