Fulfillment Busiiness Model and Data Protection

Hi there,

I have a business model whereby my company never owns or touches the products that a customer buys on our site. The problem is that we are selling mobile phone contracts which require a credit check and monthly payment scheme.

This means that firstly we need to get the customer’s bank details from our checkout to our distributors who will fulfill the order and do the credit check.

I am really concerned about sending these details via email because I am not sure it is safe but I am unable to use virtual terminals like pay-pal because that’s just not going to suit us.

We DO NOT take the payment. Our distributors do, which means that I just need to get these details securely from A to B. Having any manual staff involved is not an option, I want it to be 100%automated.

Does anyone have any suggestions for either specialist virtual terminals or SUPER-secure email transmission?

Sounds like you need to customize your shopping cart to capture the bank details with the order. For security, you can use SSL for when the customer is entering their details and when your staff retrieve them

Hi there Luke,

I have already done the customization, I posted on the PHP forum here that I wanted to transmit the bank/cc details via email and loads of people freaked out LOL.

I already have SLL setup and the pages on which the data is entered are secure, however, as mentioned above, I cannot escape the fact that that data must be sent to a third party (our distributor) in order to process the order.

I don’t want any staff you see, I want a fully automated drop-ship service. I understand that sending details via email is risky but I do not appear to have any other choice as PayPal do not offer fulfillment virtual terminal services to transfer sensitive data between vendors and distributors.

It’s really annoying actually because I feel that they are not offering this service just because they don’t want to encourage a business model which doesn’t maximize their own profits. In effect, they are unable in this situation to take a fee proportional to the product purchased. Another example of corporate power-mongering even in today’s free internet.

I am not sure that sending data via email is illegal and if it isn’t I have all of the skills to use the latest technology to secure it as much as possible, I am just fishing on here for any possible alternatives first.

In an ideal world, I would like to install a 3rd party VT which allows the following sequence of events:

  1. Customer Enters Details into VT.
  2. Vt provider transfers order details to distributor for a pre-agreed fee.
  3. Distributor fulfills the order and sends us our cut.

Sounds simple doesn’t it but PayPal doesn’t like it so I don’t know if anyone knows of any other VT providers that do this?

Perhaps instead of sending the bank details in an email, you give them a link which they use to access the bank details. The page with the bank details on it can be secured with SSL and also require a password to access it.

What a great idea! Thanks so much Luke, that’s exactly what I’m going to do!

I have levels of access to my back office so I am going to DB the cred card data, ensuring that I do all of the industry standard stuff to prevent SQL injection attacks.

Then I am going to create a user account just for our suppliers and send them the link to the relevant data along with their unique login details.

Now this is why I’m a member of this forum, some really dynamic thinkers on here.

There are always those who like to throw their intellectual weight around and tell you only what you are doing wrong but their arrogance pales in comparison to the nice and helpful developers who understand that we all have to learn and help one another.

Have a great evening :slight_smile:

Glad I could help :slight_smile:

Really appreciate it,
If you ever need any technical help, I do JS, Flash/AS3, MYSQL,PHP, HTML, Photoshop, Illustrator and CSS at varying levels of proficiency. Feel free to pm me and if its something I am experienced in, I shall try to repay the favor. :wink: