Sending credit card information to server security concerns

Discussion in 'ASP General' started by Simon Wigzell, Nov 17, 2003.

  1. My client wants to have credit card information fields on his forms for his
    website visitors to be able to buy his services by credit card. The credit
    card info - Brand, number and expiry date will be sent to the server and
    stored in the database as the .asp page calls itself on Submit.

    How secure is this? I've never had to worry about it before but is form
    information encrypted before being sent to the server? Are there any legal
    obligations for handling people's credit card information? The actual credit
    card payments will be handled manually at the client's company. Thanks!
    Simon Wigzell, Nov 17, 2003
    #1

  2. Simon Wigzell

    Ray at Guest

    Are you familiar with SSL? Do you have an SSL certificate?

    Ray at work

    "Simon Wigzell" <> wrote in message
    news:q08ub.416132$9l5.297316@pd7tw2no...
    > My client wants to have credit card information fields on his forms for his
    > website visitors to be able to buy his services by credit card. The credit
    > card info - Brand, number and expiry date will be sent to the server and
    > stored in the database as the .asp page calls itself on Submit.
    >
    > How secure is this? I've never had to worry about it before but is form
    > information encrypted before being sent to the server? Are there any legal
    > obligations for handling people's credit card information? The actual credit
    > card payments will be handled manually at the client's company. Thanks!
    Ray at, Nov 17, 2003
    #2

  3. Simon Wigzell

    Chopper Guest

    "Simon Wigzell" <> wrote in message
    news:q08ub.416132$9l5.297316@pd7tw2no...
    > My client wants to have credit card information fields on his forms for his
    > website visitors to be able to buy his services by credit card. The credit
    > card info - Brand, number and expiry date will be sent to the server and
    > stored in the database as the .asp page calls itself on Submit.
    >
    > How secure is this? I've never had to worry about it before but is form
    > information encrypted before being sent to the server? Are there any legal
    > obligations for handling people's credit card information? The actual credit
    > card payments will be handled manually at the client's company. Thanks!


    Information is not encrypted before being sent to the server unless you set
    up SSL. Check out www.verisign.com and www.thawte.com for more information
    on certificates and how to get one.
    SSL is considered a secure method of encrypting traffic between client
    browser and server providing it is implemented properly (more info at the
    above sites).
    Legal implications of storing this information depend on your country. In
    the UK we have the Data Protection Act and I assume the US have an
    equivalent - no doubt bigger and better :eek:)
    From what you have said it seems you will need to secure not only the data
    exchanges between customer and website but also client and website. It might
    be worth looking at a merchant service which takes the customer temporarily
    off your site to enter sensitive information, eg.
    http://www.epdq.co.uk/epdq_frameset.htm (again UK) although it will
    obviously cost you.

    HTH

    chopper
    Chopper, Nov 17, 2003
    #3
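Chopper's point above, that form data is only encrypted in transit when SSL is set up, as an added classic ASP sketch that is not part of the original thread. It assumes an SSL certificate is already installed on the IIS site; `SECURE_HOST` and the field names `cardBrand`, `cardNumber` and `cardExpiry` are placeholders chosen for illustration.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not from the thread. SECURE_HOST and the field names
' (cardBrand, cardNumber, cardExpiry) are assumptions for illustration.
Const SECURE_HOST = "www.example.com"   ' placeholder: the name on your SSL certificate

Dim isHttps, isPost, selfUrl
' IIS sets the HTTPS server variable to "on" only for requests that arrived over SSL.
isHttps = (LCase(Request.ServerVariables("HTTPS")) = "on")
isPost  = (UCase(Request.ServerVariables("REQUEST_METHOD")) = "POST")
' Build the target from a fixed host, not from the client-supplied Host header.
selfUrl = "https://" & SECURE_HOST & Request.ServerVariables("SCRIPT_NAME")

If Not isHttps Then
    If isPost Then
        ' The card fields already crossed the network in clear text.
        ' Refuse them instead of processing or storing them.
        Response.Status = "403 Forbidden"
        Response.Write "This form only accepts submissions over HTTPS."
        Response.End
    Else
        ' Plain-HTTP page view: send the browser to the encrypted URL first.
        Response.Redirect selfUrl
    End If
End If

If isPost Then
    ' Reached only over SSL; handle Request.Form("cardNumber") etc. here.
    Response.Write "Order received over an encrypted connection."
    Response.End
End If
%>
<!-- The absolute https:// action keeps the POST off plain HTTP -->
<form method="post" action="<%= Server.HTMLEncode(selfUrl) %>">
  <select name="cardBrand"><option>Visa</option><option>MasterCard</option></select>
  <input type="text" name="cardNumber" maxlength="19" autocomplete="off">
  <input type="text" name="cardExpiry" maxlength="5">
  <input type="submit" value="Submit">
</form>
```

This covers the browser-to-server hop only; it does nothing for how the card details are stored or read afterwards.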
  4. "Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
    news:%...
    > Are you familiar with SSL? Do you have an SSL certificate?
    >
    > Ray at work
    >
    > "Simon Wigzell" <> wrote in message
    > news:q08ub.416132$9l5.297316@pd7tw2no...
    > > My client wants to have credit card information fields on his forms for his
    > > website visitors to be able to buy his services by credit card. The credit
    > > card info - Brand, number and expiry date will be sent to the server and
    > > stored in the database as the .asp page calls itself on Submit.
    > >
    > > How secure is this? I've never had to worry about it before but is form
    > > information encrypted before being sent to the server? Are there any legal
    > > obligations for handling people's credit card information? The actual credit
    > > card payments will be handled manually at the client's company. Thanks!

    No, I'm not, and no, I haven't!
    Simon Wigzell, Nov 17, 2003
    #4
  5. Simon Wigzell

    Jeff Cochran Guest

    On Mon, 17 Nov 2003 17:59:50 GMT, "Simon Wigzell"
    <> wrote:

    >My client wants to have credit card information fields on his forms for his
    >website visitors to be able to buy his services by credit card. The credit
    >card info - Brand, number and expiry date will be sent to the server and
    >stored in the database as the .asp page calls itself on Submit.
    >
    >How secure is this?


    Not secure enough that I'd shop there.

    >I've never had to worry about it before but is form
    >information encrypted before being sent to the server?


    Not unless you do it. Use SSL at least.

    >Are there any legal
    >obligations for handling people's credit card information?


    You could easily be liable for stolen credit information, or worse,
    chargebacks from your credit card company will kill you. Just one
    loss of info and your customer base could vanish.

    >The actual credit
    >card payments will be handled manually at the client's company. Thanks!


    Find and use a credit card processing service. Let them handle the
    risk.

    Jeff
    Jeff Cochran, Nov 17, 2003
    #5
  6. Simon Wigzell

    Ray at Guest

    "Simon Wigzell" <> wrote in message
    news:rs8ub.414950$pl3.100103@pd7tw3no...
    >
    > "Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
    > news:%...
    > > Are you familiar with SSL? Do you have an SSL certificate?

    >
    >
    > No, I'm not, and no, I haven't!


    I suggest you learn about SSL prior to trying to handle credit card
    processing on your own. You really should know about these things prior to
    having people submit this kind of information over the Internet to your
    site. I agree with Jeff, that you should outsource the CC processing to a
    processor. And don't worry about the cost of that. You'll see that it's
    not that much when you learn about the price of an SSL certificate. :]

    Ray at work
    Ray at, Nov 17, 2003
    #6
