
h0kie99

macrumors member
Original poster
Jul 31, 2004
VA
A client of ours currently uses VeriSign for online credit card processing. Works just fine. The client now wants to eliminate online payment processing by accepting the customer's billing info (including full credit card number) via a secure web form and then processing the payment using their credit card machine in the office. I am not a security expert -- I leave that up to my programmers -- but I am immediately concerned that any options we have here are not completely secure. Of course I am going to talk to the programmers about it (when they get in later today) but I am looking for some of your advice as well. Why would we take VeriSign OUT of the process?? Please help me understand what (if any) secure options there are out there: storing info in a database (legal??), e-mailing the info to the client (completely non-secure??), etc.

THANKS!
 
If you run too many card numbers through your machine without the card, you're likely to get a hold or two placed on your account for a while. It happened to a race I used to work with that accepted entry forms via fax.
 
h0kie99 said:
The client now wants to eliminate online payment processing by accepting the customer's billing info (including full credit card number) via a secure web form and then processing the payment using their credit card machine in the office.

Why? To save money? Maybe you want to suggest a cheaper solution like PayPal Payments Pro ($20/mo.).

Are you saying they want to print out people's names and credit card numbers and then enter them manually? Whenever people enter the equation, security drops drastically -- even more so if you're converting this data to any sort of hard output. Are those documents going to be shredded afterwards? It sounds like a terrible idea to me.
 
You are asking for trouble.

It all depends on how that information gets to the client. If it goes through email, forget it. They are breaking every law in the book and are asking for a lawsuit. The only way a professional business should accept payment online is through a secure gateway, accept the CC and not store any info. Would you want your CC info going through people's email??

It's practices like this that really scare me sometimes when I use my CC online. Just make sure you tell them over and over again that this is 100% against your professional opinion so you are not liable. I might even take it a step further and make them sign off on something. They might claim "They didn't know" our web designer handles that.
 