[BLUG] accepting credit card #s from a web form

Joe Auty blug_at_mailman.cs.indiana.edu
Sun, 25 Feb 2007 15:46:18 -0500


(this response is for Jeremy Gaddis too),

Most of my customers use PayPal, and we may end up just going with  
PayPal for this client too. However, he does have a manual card swipe  
machine, and these particular transactions don't have to be real-time  
(registration fees for an upcoming class). Therefore, if there is  
any way to take credit card numbers securely, this would likely be an  
attractive option to the client, so I thought I'd at least research  
this option.

He will have an email account on the same machine, so I've thought  
about doing PGP encryption, or even just dropping in the email into  
his mailbox as is since it will never leave the server. I've also  
thought about writing to a database, and writing to a flat file. None  
of these sound foolproof, but maybe a combination of technologies  
might work?


On Feb 25, 2007, at 3:32 PM, David Ernst wrote:

> Not a true answer to your question, but on the subject:
>
> I recommend that you at least consider outsourcing this.  Paypal and
> many others make it very easy to accept credit cards over the web, you
> don't need your own merchant account, their rates are competitive,
> they focus on security so they ought to be better at it than us
> average hackers, and if nothing else, if they blow it, they get sued
> for mishandling the credit card numbers instead of you.  For these
> reasons, I've never done it myself, I've always outsourced it.
>
> Of course, there are many reasons that you might not want to do that,
> and if so, this message doesn't really apply... if so, I respectfully
> request that you respectfully ignore it.  :)
>
> Best of luck,
>
> David
>
>
> On Sun, Feb 25, 2007 at 12:46:18PM -0500, Joe Auty wrote:
>> Hey Guys,
>>
>> Any suggestions on some decently secure ways to do this? Seems like
>> one hurdle is in the web server having to write to a file/database/
>> email where the number will be saved, at least temporarily, so it
>> seems like a bit of a challenge to make a sort of secure bridge  
>> here...
>>
>>
>> Just thought I'd see if you guys have any creative ideas? Just
>> mulling over some ideas myself...
>>
>> -----------
>> Joe Auty
>> NetMusician: web publishing software for musicians
>> http://www.netmusician.org
>> joe_at_netmusician.org
>>
>>
>
> -- 
> yes, this is a new email address.  The old one still works, but it'd
> be great if you switched your addressbook entry to
>
> david.ernst_at_davidernst.net
