Which SSL Certificate to Purchase?

[mariahlullaby]

I am setting up a secure server for a client so that he can take credit card information on his site. Usually, I'd use PayPal for this sort of thing, but he actually has the credit card machine, so he just wants a way to take the info and run it through.

I've never set up a secure server, and am trying to figure everything out. I'm using A Small Orange Shared Hosting, and following these instructions: http://wiki.asmallorange.com/HOWTOSSLCert

I need to purchase the SSL Certificate. Do you recommend a certain one? Is it worth getting this over just using PayPal? We are on a tight budget.

THANK YOU!

 

[mac-convert]

Hmm. Before you dive into this, you may want to take a real good look at the PCI DSS Compliance aspect. That's Payment Card Industry, and it lays down a lot of rules that need to be met when dealing with credit cards. Unfortunately, it's there because the CC industry cannot fully protect itself, so it lays the burden on the businesses that use CC's.

I don't know how deep this project will take you, but if you store ANYTHING related to the purchaser, not to mention the card number itself, you have a major undertaking. I am not trying to cast doom and gloom on your project, or any others, but be aware of the industry requirements.

 

[Stampyhead]

Take a look at GoDaddy's SSL certificate offerings. They are good and very affordable. They have different levels of encryption depending on what you need it to do. For ecommerce I believe you need at least 128 bit encryption.

 

[ChicoWeb]

How are you going to get the CC# to your client? Seems VERY insecure and illegal. You need a gateway and a merchant account to do it correctly. You may be setting yourself up and your client for a lawsuit by storing or emailing CC's. SSL doesn't have anything to do w/ CC, it provides a secure connection between the users computer and your server.

 

[Eraserhead]

Have you spoken to A Small Orange's customer support about it at all?

 

[LoopHoles]

How are you going to get the CC# to your client? Seems VERY insecure and illegal. You need a gateway and a merchant account to do it correctly. You may be setting yourself up and your client for a lawsuit by storing or emailing CC's. SSL doesn't have anything to do w/ CC, it provides a secure connection between the users computer and your server.

I have a problem similar to the mariahlullaby's. My client runs an equipment rental service and needs the customer's credit card info because they often will rent more equipment than the initial order or decide to keep what they've rented for a few extra days. That and she only processes payments once or twice a week with a regular credit card terminal.

With PayPal or a payment gateway like Authorize.net, you don't get the card info. It just goes straight thru the gateway into their processing. That probably wouldn't work so well for her. Now, does anyone know if it's possible to log into your account on the gateway's server securely and get that credit card info when necessary? Can anyone think of other solutions to this problem?

 

[mariahlullaby]

Thank you everyone for all your help! I am talking to him about all of this and checking to see what laws we need to abide by. Thanks CHICOWEB and all of you for letting me know about all that.