handling credit cards

[mr relaxo]

Hi everybody, I have a website job coming up, the client wants to sell some merchandise online. I dont think they'll sell enough to warrant real-time processing so im basically wondering what the generally accepted practises for handling credit card are? I know you need a SSL certificate to establish a secure connection between client and server, but then what? Should you write the information to a database? email it to the processing department? Im basically just a bit nervous/confused about it and was hoping somebody could give me some advice on the best way to go about securing the information and transmitting it to the appropriate place.

 

Thanks alot,

 

Kris.

[Derek Stone]

Customers are going to look at you cross-eyed if the site doesn't use real-time credit card processing, which is very easy to enable with help from companies such as Authorize.Net.

[Robby]

Another couple are PSI Gate and VeriSign

[kahlua001]

if your customer doesnt sell enough to warrant the higher rates with online cc processors, look into encrypting the cc number and get a cc machine with a lower rate. Sometimes, online real time card processing is not the best solution, esp if your business cant always fullfill the order right away, and simply capturing the funds from a customer til you find out the availability of the product wont fly with the customer. if you do use a realtime processor, then dont save the cc anywhere, why run the risk of having that cc in your db if you dont too, even if it is encrypted. you can store the cc transaction id instead.

[tate]

Using a service to process credit cards like PayPal may be another option. This is very well suited for low volumes of credit card purchases.