[Pro] Secure Data Transfer

I am working on a site with a page hosted securely (Shared SSL) and I am looking for ways to transfer data securely (credit card numbers) using the PHP Feedback Form.

What suggestions does anybody have to make this as easy and as secure as possible - within reason - as this site will not be generating a great volume of this sort of traffic.

No more than a dozen a month?

David


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Well, the most secure way to do this is to let the bank do it. Seriously, most processors offer a method where you send a POST to the bank with the customer name and address (which you collect on your site) and then they gather the credit card info on their own page (and their own server) and you get a reply POST back from them with an approval code or an error code.

That way you never touch the credit card, it isn’t on your server ever, even for a moment.

Ask your bank if they offer something like this – most do, in my experience.

Walter



If these credit card details were not associated with a specific payment but rather being held as a security deposit/commitment would the bank still handle it?

Also bearing in mind that these payments could be International.

D



The bank will have some way for you to put a “hold” on the funds, or to verify that the card is good for the amount. There are all sorts of transactions you can make, and each bank implements this slightly differently, but in my experience, anything you can do with a physical credit card terminal you can do with a Web terminal.

Walter



If I was trying to use the credit card info as part of a bigger Reservation/Booking form then I wouldn’t want all the details from the form going to the Bank. Would I be better doing it as a 2-stage process, i.e. Booking info 1st, then card info to Bank?

D



If you’re going to take a “bite” on a card, you will have to give the bank all the details. No money will enter your account, but your customer will not be able to spend that portion of his or her credit until you release the hold.

In any case, you would collect the booking information on your server and save it in your database, then your server would send a POST redirect to the bank containing the customer information (name, address, whatever the bank needs, PLUS the amount you want to hold, and a code indicating that this is a hold (and probably a handshake ID and secret decoder ring token – some of these bank systems get pretty sci-fi in a big hurry)).

The bank responds to that post with a new page, served from their domain, the customer enters the card number and expiration in the bank’s server, confirms that they didn’t need that money any more, and then the bank signals back to your server with the results.

Your server reads the reply from the bank, figures out which customer they were referring to, and presents a new page to the customer with the happy/sad news. In between, your server updates your database with the confirmation number from the bank, and marks the request as confirmed.

Walter
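
The round trip described in the message above, sketched in PHP as an added example that is not part of the original thread or any bank's actual API. The field names, the shared secret and the HMAC-SHA256 signing scheme are assumptions standing in for the "handshake ID and token"; a real processor documents its own.

```php
<?php
// Added example. Field names, secret and HMAC-SHA256 scheme are assumptions;
// a real processor defines its own parameters and signing rules.
const SHARED_SECRET = 'constructed-demo-secret'; // keep outside the web root in practice

// Sign the fields in a fixed (sorted) order so both sides hash the same string.
function sign_fields(array $fields): string {
    ksort($fields);
    return hash_hmac('sha256', http_build_query($fields), SHARED_SECRET);
}

// Step 1: booking is already saved; build the POST fields. No card data here.
function build_hold_request(array $booking): array {
    $fields = [
        'order_id' => $booking['id'],
        'name'     => $booking['name'],
        'amount'   => $booking['amount'],   // integer minor units (cents)
        'txn_type' => 'hold',
    ];
    $fields['sig'] = sign_fields($fields);
    return $fields;
}

// Step 2: the bank's reply. Trust nothing in it until the signature verifies.
function handle_bank_reply(array $reply, array &$bookings): string {
    $sig = $reply['sig'] ?? '';
    unset($reply['sig']);
    if (!is_string($sig) || !hash_equals(sign_fields($reply), $sig)) {
        return 'rejected: bad signature';
    }
    $id = (int)($reply['order_id'] ?? 0);
    if (!isset($bookings[$id])) return 'rejected: unknown order';
    $b = &$bookings[$id];
    if ($b['status'] !== 'pending') return 'rejected: already processed'; // replay
    if ((int)($reply['amount'] ?? -1) !== $b['amount']) return 'rejected: amount mismatch';
    $b['status'] = ($reply['result'] ?? '') === 'approved' ? 'confirmed' : 'declined';
    $b['bank_ref'] = $reply['approval_code'] ?? null;
    return $b['status'];
}

// Constructed sample data standing in for the database and the bank's reply.
$bookings = [1001 => ['id' => 1001, 'name' => 'A. Guest', 'amount' => 10000, 'status' => 'pending']];
$request  = build_hold_request($bookings[1001]); // fields for the form POSTed to the bank
$reply    = ['order_id' => 1001, 'amount' => 10000, 'result' => 'approved', 'approval_code' => 'DEMO123'];
$reply['sig'] = sign_fields($reply);
echo handle_bank_reply($reply, $bookings), "\n"; // genuine reply
echo handle_bank_reply($reply, $bookings), "\n"; // same reply delivered twice
$reply['amount'] = 1;                            // field altered after signing
echo handle_bank_reply($reply, $bookings), "\n";
```

The reply handler is the part that needs the most care: it is a public URL, so the signature check, the pending-status check and the amount comparison are what stop a forged or repeated request from marking a booking as confirmed.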



Hmmm - this is starting to get pretty complicated.

What I had suggested to the client is that he takes a Booking Deposit for a nominal sum $50/$100, using a Mals link, which should be sufficient to get commitment from the customer.

The client is providing accommodation and says: “The credit card number is a guarantee for first night’s rent only, and is not charged.” - which is why I have suggested taking the Booking fee at time of booking.

Any thoughts?

D



See if Mals can do a Hold transaction. I was describing what goes on in the store systems I have built from scratch.

Walter

