SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION

sam1967

I know how to build forms with ASP and process user input.
Now i want to take credit card payments via a form.
i will then download the details and process them via our credit card
machine.

do i just create a regular ASP form and use a certificate on the
server to encrypt the data ? ie https://server/getpaymentform.asp

there is nothing special about the form is there ?
it is just the same as the form i have been using for user input.
 
sam1967

correct.

think how the data is going to get to you. pgp mail is useful in these
circumstances.

we are a small not-for-profit organisation. we would like to take
donations online via credit card.
this would be easier using a form i think.
pgp mail would be the same process i assume.
donators download our public key from our web page and use it to
encrypt an email containing the credit card details.
correct ?

would we not be just as easy using PayPal ?
 
Dan Brussee

sam1967 said:
we are a small not-for-profit organisation. we would like to take
donations online via credit card.
this would be easier using a form i think.
pgp mail would be the same process i assume.
donators download our public key from our web page and use it to
encrypt an email containing the credit card details.
correct ?

would we not be just as easy using PayPal ?

1. Using an ASP form page and an SSL certificate would be simpler for
the donator. No need to have anything on the client. Data is encrypted
going to your site, and once there, you can do with it what you wish.

2. Using paypal is VERY simple. However, anyone donating must have a
paypal account to use. You will also need to have a higher level paypal
account to accept credit cards - something you probably already have.
With Paypal, there would be no need for a "credit card machine".
 
sam1967

1. Using an ASP form page and an SSL certificate would be simpler for
the donator. No need to have anything on the client. Data is encrypted
going to your site, and once there, you can do with it what you wish.

maybe you can inform me on something. once we've processed the credit
card for the donation should we remove the details from our access
database to prevent hacking ? if it was hacked and credit card details
stolen would we be responsible ?

2. Using paypal is VERY simple. However, anyone donating must have a
paypal account to use. You will also need to have a higher level paypal
account to accept credit cards - something you probably already have.
With Paypal, there would be no need for a "credit card machine".

PayPal is worth considering but you are right about people being
turned off by having to register with PayPal before they can donate.
Maybe we will have a credit card option and a PayPal option.
 
Dan Brussee

the visitor makes the donation on secure web form and sends it to your
server (SSL) using the submit button

your script sends pgp mail from your server to you. means you do not have
to store the card details on a public server - check with your host/admin
that your server can support pgp mail.

Not a bad idea. This would also answer the OP's question about keeping
the card info (not a good idea to keep card info - what use do you have
for it anyway!?)

I would take a different path and store the data in a secure database in
an SSL secured connection. Then use a password secured session to bring
up card info to run through your machine. As soon as the order is
processed, delete the card info. I know this puts the data on the server
temporarily, but with just email, you are hosed if the email fails to
get to you since no record is made anywhere.

You could even make the password part non-browser by making the app an
executable that runs on your own PC but has a secure connection to the
database (VPN?)
 
sam1967

Not a bad idea. This would also answer the OP's question about keeping
the card info (not a good idea to keep card info - what use do you have
for it anyway!?)

I would take a different path and store the data in a secure database in

could you give me a bit more info on what you mean by a secure database
? access with user security turned on ?
an SSL secured connection. Then use a password secured session to bring
up card info to run through your machine. As soon as the order is
processed, delete the card info. I know this puts the data on the server
temporarily, but with just email, you are hosed if the email fails to
get to you since no record is made anywhere.
sounds like a fair point.
You could even make the password part non-browser by making the app an
executable that runs on your own PC but has a secure connection to the
database (VPN?)
i think that would be beyond my technical prowess.
we normally use ftp to connect to upload our data.
i assume downloading the details via ftp would be insecure.
 
sam1967

the visitor makes the donation on secure web form and sends it to your
server (SSL) using the submit button

your script sends pgp mail from your server to you. means you do not have
to store the card details on a public server - check with your host/admin
that your server can support pgp mail.
i will look into it but if what the other poster said is correct about
no record being kept it might not be ideal.
i suppose we could easily write a text file into a secure directory as
well as sending the email ?
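
An added example, not part of the original thread and not any poster's code: a classic ASP handler for the form post that refuses submissions that did not arrive over SSL, checks the card number with the Luhn checksum, and only ever echoes the last four digits. The field name `cardnumber` and the hand-off step at the end are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example: handler for the payment form post (classic ASP / VBScript).
' The form field name "cardnumber" is an assumption.

' Luhn checksum: catches mistyped numbers before they reach the card machine.
Function LuhnValid(ByVal digits)
    Dim i, d, sum, dbl
    LuhnValid = False
    If Len(digits) < 12 Or Len(digits) > 19 Then Exit Function
    sum = 0
    dbl = False
    For i = Len(digits) To 1 Step -1
        d = Asc(Mid(digits, i, 1)) - 48
        If d < 0 Or d > 9 Then Exit Function   ' non-digit character
        If dbl Then
            d = d * 2
            If d > 9 Then d = d - 9
        End If
        sum = sum + d
        dbl = Not dbl
    Next
    LuhnValid = (sum Mod 10 = 0)
End Function

' Keep browsers and proxies from caching any page that handles card details.
Response.Expires = -1
Response.CacheControl = "no-cache"

' The certificate only protects requests made to https://. Reject anything else,
' and serve the form page itself over https so its action URL cannot be altered.
If LCase(Request.ServerVariables("HTTPS")) <> "on" Then
    Response.Status = "403 Forbidden"
    Response.Write "Please submit this form over https."
    Response.End
End If

Dim pan
pan = Replace(Replace(Trim(Request.Form("cardnumber")), " ", ""), "-", "")
If Not LuhnValid(pan) Then
    Response.Write "That card number does not look right; please re-enter it."
    Response.End
End If

' Hand the full details to the chosen channel here (encrypted mail or a
' short-lived database row); never write the full number to a page or a log.
Response.Write "Thank you. Card ending " & Right(pan, 4) & " received."
%>
```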
 
