
macaddict23

Original poster
Jun 20, 2006
Hi all. I was asked to create a Web site for an orphanage project. They would like to be able to accept donations/contributions for the project, via credit card or snail mail. The last one is easy, but how do I go about adding the credit card feature? What are the steps into setting this up? Where do I start? Thanks in advance!
 

I was in a similar place and decided that ultimately we would not (yet) take credit card numbers over the web. We direct people to phone our office with their number, or fax it in.

Accepting credit card information is not trivial, and is fraught with liability and security issues -- you do not want the banks or credit card companies breathing down your neck because someone found a security breach in your website. Your options are:

1. Use PayPal or some other third party service (e.g. Google Checkout)
2. Get an online merchant account (monthly charges will apply) and use well-established "shopping cart" applications that hook up with it
3. Direct users to send CC# info by mail, phone, or fax
4. Set up your website to use SSL for secure transmission of the data to your server. Then encrypt the data using something like GPG before saving or sending the data to your registrar/secretary, who will un-encrypt the data before accessing it.

DO NOT use a simple "mailto" script.

I am looking at option #4 seriously, but will need to experiment before we go live with such a system.
 
2. Get an online merchant account (monthly charges will apply) and use well-established

4. Set up your website to use SSL for secure transmission of the data to your server. Then encrypt the data using something like GPG before saving or sending the data to your registrar/secretary, who will un-encrypt the data before accessing it.

Certainly #2 is required even to process real plastic cards in a machine that prints them on paper.

#4 is also correct. Never store any customer information in plain text. If everything is encrypted then even if there is a problem with your design there is no sensitive data to be found. Even if they find the key, it's only the public key, and at worst they could only stuff your DBMS with junk that even they could not read back.
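The arrangement in option #4 and the public-key point in the reply above, as an added example (not code from any poster in this thread): the web host's keyring holds only the office's public key, so it can encrypt a submitted record but cannot read it back. The identity, throwaway keyrings, empty demo passphrase and sample record are assumptions constructed for the example; it needs GnuPG 2.1 or later.

```bash
#!/usr/bin/env bash
# Added example. Constructed identity; no real key or card data is used.
OFFICE_ID="Donations Office <office@example.org>"

# Create two throwaway keyrings: the office machine (secret + public key)
# and the web host (public key only).
setup_keyrings() {
  OFFICE_HOME=$(mktemp -d) && WEB_HOME=$(mktemp -d) || return 1
  # Demo only: empty passphrase. A real office key should have one.
  gpg --homedir "$OFFICE_HOME" --batch --quiet --pinentry-mode loopback \
      --passphrase '' --quick-generate-key "$OFFICE_ID" default default never \
      2>/dev/null || return 1
  gpg --homedir "$OFFICE_HOME" --armor --export "$OFFICE_ID" |
    gpg --homedir "$WEB_HOME" --batch --quiet --import 2>/dev/null
}

# Web host: encrypt a submitted record (stdin) to the office key.
# --trust-model always: the imported key carries no trust signatures here.
web_encrypt() {
  gpg --homedir "$WEB_HOME" --batch --quiet --trust-model always \
      --armor --recipient "$OFFICE_ID" --encrypt
}

# Web host trying to read a stored record back: fails, it has no secret key.
web_decrypt() { gpg --homedir "$WEB_HOME" --batch --quiet --decrypt 2>/dev/null; }

# Office machine: the only place the record can be recovered.
office_decrypt() { gpg --homedir "$OFFICE_HOME" --batch --quiet --decrypt 2>/dev/null; }

cleanup_keyrings() {
  gpgconf --homedir "$OFFICE_HOME" --kill gpg-agent 2>/dev/null
  gpgconf --homedir "$WEB_HOME" --kill gpg-agent 2>/dev/null
  rm -rf "$OFFICE_HOME" "$WEB_HOME"
}

demo() {
  local record='Jane Donor|4111 1111 1111 1111|12/30'  # constructed test data
  setup_keyrings || { echo "gpg setup failed" >&2; return 1; }
  local ct; ct=$(printf '%s' "$record" | web_encrypt)
  printf '%s\n' "$ct"
  printf '%s' "$ct" | web_decrypt >/dev/null || echo "web host: cannot decrypt"
  echo "office: $(printf '%s' "$ct" | office_decrypt)"
  cleanup_keyrings
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see the armored ciphertext, the failed read on the web host, and the recovered record on the office side.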
 
Certainly #2 is required even to process real plastic cards in a machine that prints them on paper.

Yes, but there's a distinction between a plain-Jane credit card merchant account and one with the online services enabled. The organization I volunteer with has a very no-frills credit card account at very low cost; for our volume of transactions it would not be cost effective to jump to doing direct online processing.
 