WEB Handling Credit card numbers through registration form?

Discussion in 'OT Technology' started by littleman, Dec 12, 2007.

  1. littleman

    littleman I took an AMEX survey and all I got was this crapp

    Hi OT :wavey:

    A client of mine just recently wanted me to create a registration page for their sports club site allowing clients to register and sign up for the spring on the website.

    He wanted the form to be able to email him the credit card numbers (big :nono:, I know) along with the registration information. I have had little experience dealing with private information such as this, so are there any recommended ways of securely handling this type of data?

    My question is, what is the best way of accomplishing this registration form with credit card number task?
     
  2. Nakon

    Nakon Guest

    Sign up with a credit card processor. OT uses PayPal, which is pretty good.
     
  3. PEnGUiN188

    PEnGUiN188 New Member

    PayPal, because it's a name people trust rather than just putting their CC numbers in a box.
     
  4. crazybenf

    crazybenf Active Member

    Use a processor gateway with a decent API.

    I use authorize.net's AIM and ARB APIs. The ARB is nice because it stores all customers' info (except their legible CC) in a CRM-like interface on Authorize. If you want to store CCs locally, encrypt them and store them in a database. There are tons of white papers on the accepted methods for the safe storage of credit cards.

    With the API, your site makes a direct call to the processor with the client + payment info. The payment is immediately run and the processor will reply back with success or fail. (Authorize.net requires you to use an SSL host for most of their APIs... I'm pretty sure you can get away with unencrypted on their SIM API though.)

    Emailing them to yourself in plain text is one of the worst ideas ever.
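
The flow described in the post above (the site calls the processor, the processor replies success or fail), sketched as an added example that is not from the thread or from any processor's SDK. `fake_gateway_charge`, the address `owner@club.example` and the sample form are constructed stand-ins; the point is that the notification e-mail carries only the last four digits and the processor's reference.

```python
import re
from email.message import EmailMessage

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: rejects mistyped numbers before anything is sent on."""
    digits = [int(c) for c in pan][::-1]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep only the last four digits for display and notification."""
    return "*" * (len(pan) - 4) + pan[-4:]

def fake_gateway_charge(pan: str, expiry: str, amount_cents: int) -> dict:
    """HYPOTHETICAL stand-in for the processor API call made over TLS.
    A real integration would use the processor's documented client here."""
    return {"approved": True, "transaction_id": "TEST-0001"}

def register(form: dict, charge=fake_gateway_charge) -> EmailMessage:
    """Charge the card through the gateway, then build the owner's e-mail."""
    pan = re.sub(r"[ -]", "", form["card_number"])
    if not (re.fullmatch(r"[0-9]{13,19}", pan) and luhn_ok(pan)):
        raise ValueError("card number failed validation")
    result = charge(pan, form["expiry"], form["amount_cents"])
    status = "approved" if result["approved"] else "declined"
    msg = EmailMessage()
    msg["To"] = "owner@club.example"  # constructed address
    msg["Subject"] = f"Spring registration: {form['name']}"
    # The full number is never written to the message, a log or a database.
    msg.set_content(
        f"Name: {form['name']}\n"
        f"Payment: {status}\n"
        f"Card: {mask_pan(pan)}\n"
        f"Processor reference: {result['transaction_id']}\n"
    )
    return msg

# Constructed sample input (a well-known test card number, not a real card).
SAMPLE_FORM = {
    "name": "Pat Example",
    "card_number": "4111 1111 1111 1111",
    "expiry": "12/30",
    "amount_cents": 15000,
}

if __name__ == "__main__":
    print(register(SAMPLE_FORM))
```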
     
  5. 420am

    420am OT Supporter

    As well as illegal if I remember correctly.
     
  6. RaginBajin

    RaginBajin Have you punched a donkey today?

    I don't think it is illegal per se, but it is against PCI compliance rules. If Visa finds out, you would be liable for any charges that happen, as well as lose credit card processing abilities with every major Credit Card provider.
     
  7. projectalpha

    projectalpha 二號 Stunna

    .
     
  8. littleman

    littleman I took an AMEX survey and all I got was this crapp

    I think I'll be taking a look at PayPal. It doesn't require the user to have an account and looks like the easiest to set up in the timeline that I have. Authorize.net looks nice though.

    Thanks OT!
     