Which SSL Certificate to Purchase?

Discussion in 'Web Design and Development' started by mariahlullaby, Nov 13, 2007.

  1. mariahlullaby macrumors 6502a

    mariahlullaby

    Joined:
    Jan 19, 2005
    Location:
    NYC
    #1
    I am setting up a secure server for a client so that he can take credit card information on his site. Usually, I'd use PayPal for this sort of thing, but he actually has the credit card machine, so he just wants a way to take the info and run it through.

    I've never set up a secure server, and am trying to figure everything out. I'm using A Small Orange Shared Hosting, and following these instructions: http://wiki.asmallorange.com/HOWTOSSLCert

    I need to purchase the SSL Certificate. Do you recommend a certain one? Is it worth getting this over just using PayPal? We are on a tight budget.

    THANK YOU!
     
  2. mac-convert macrumors 6502a

    mac-convert

    Joined:
    Nov 2, 2006
    Location:
    Are we there yet?
    #2
    Hmm. Before you dive into this, you may want to take a real good look at the PCI DSS Compliance aspect. That's Payment Card Industry, and it lays down a lot of rules that need to be met when dealing with credit cards. Unfortunately, it's there because the CC industry cannot fully protect itself, so it lays the burden on the businesses that use CC's.

    I don't know how deep this project will take you, but if you store ANYTHING related to the purchaser, not to mention the card number itself, you have a major undertaking. I am not trying to cast doom and gloom on your project, or any others, but be aware of the industry requirements.
     
  3. Stampyhead macrumors 68020

    Stampyhead

    Joined:
    Sep 3, 2004
    Location:
    London, UK
    #3
    Take a look at GoDaddy's SSL certificate offerings. They are good and very affordable. They have different levels of encryption depending on what you need it to do. For ecommerce I believe you need at least 128 bit encryption.
     
  4. ChicoWeb macrumors 65816

    ChicoWeb

    Joined:
    Aug 16, 2004
    Location:
    California
    #4
    How are you going to get the CC# to your client? Seems VERY insecure and illegal. You need a gateway and a merchant account to do it correctly. You may be setting yourself up and your client for a lawsuit by storing or emailing CC's. SSL doesn't have anything to do w/ CC, it provides a secure connection between the users computer and your server.
     
  5. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #5
    Have you spoken to A Small Orange's customer support about it at all?
     
  6. LoopHoles macrumors member

    Joined:
    Jul 19, 2003
    #6
    I have a problem similar to the mariahlullaby's. My client runs an equipment rental service and needs the customer's credit card info because they often will rent more equipment than the initial order or decide to keep what they've rented for a few extra days. That and she only processes payments once or twice a week with a regular credit card terminal.

    With PayPal or a payment gateway like Authorize.net, you don't get the card info. It just goes straight thru the gateway into their processing. That probably wouldn't work so well for her. Now, does anyone know if it's possible to log into your account on the gateway's server securely and get that credit card info when necessary? Can anyone think of other solutions to this problem?
     
  7. mariahlullaby thread starter macrumors 6502a

    mariahlullaby

    Joined:
    Jan 19, 2005
    Location:
    NYC
    #7
    Thank you everyone for all your help! I am talking to him about all of this and checking to see what laws we need to abide by. Thanks CHICOWEB and all of you for letting me know about all that.
     

Share This Page