How do I accept credit card payments on my Website?

Discussion in 'Web Design and Development' started by macaddict23, Jul 21, 2008.

  1. macaddict23 macrumors 6502

    macaddict23

    Joined:
    Jun 20, 2006
    Location:
    MacVille, USA
    #1
    Hi all. I was asked to create a Web site for an orphanage project. They would like to be able to accept donations/contributions for the project, via credit card or snail mail. The last one is easy, but how do I go about adding the credit card feature? What are the steps into setting this up? Where do I start? Thanks in advance!
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
  3. notjustjay macrumors 603

    notjustjay

    Joined:
    Sep 19, 2003
    Location:
    Canada, eh?
    #3
    I was in a similar place and decided that ultimately we would not (yet) take credit card numbers over the web. We direct people to phone our office with their number, or fax it in.

    Accepting credit card information is not trivial, and is fraught with liability and security issues -- you do not want the banks or credit card companies breathing down your neck because someone found a security breach in your website. Your options are:

    1. Use PayPal or some other third party service (e.g. Google Checkout)
    2. Get an online merchant account (monthly charges will apply) and use well-established "shopping cart" applications that hook up with it
    3. Direct users to send CC# info by mail, phone, or fax
    4. Set up your website to use SSL for secure transmission of the data to your server. Then encrypt the data using something like GPG before saving or sending the data to your registrar/secretary, who will un-encrypt the data before accessing it.

    DO NOT use a simple "mailto" script.

    I am looking at option #4 seriously, but will need to experiment before we go live with such a system.
     
  4. ChrisA macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #4
    Certainly #2 is required even to process real plastic cards in a in machine that prints them on paper.

    #4 is also correct. Never store any customer information in plain text. If everything is encrypted then even if there is a problem with your design there is no sensitive data to be found. Even if they find the key it's only the public key and at worse case they could only stuff your DBMS with junk even they could not read back.
     
  5. notjustjay macrumors 603

    notjustjay

    Joined:
    Sep 19, 2003
    Location:
    Canada, eh?
    #5
    Yes, but there's a distinction between a plain-Jane credit card merchant account and one with the online services enabled. The organization I volunteer with has a very no-frills credit card account at very low cost; for our volume of transactions it would not be cost effective to jump to doing direct online processing.
     

Share This Page