[Pro] Secure pages and credit card numbers

This may be off topic and I aplogise if so. I am building a site for a small hotel. They would like a page where a client asking to reserve a room is requested to supply credit card details. (With reservation confirmed by email).

This has a two fold purpose. For the client it ensures his or her room is reserved . For the Hotel it allows them to bank a no show fee if the client fails to turn up without sufficient notice.
Since no one is likely to give such info on an insecure site I need to build a secure page and/or add in a method of encryption. Does the hosting company do this or is it more complicated? And how do we integrate it into FW? Just build a form and ask that it be a secure page on the server?

Their current site gives this info

Confirm your booking with your credit card. This will be debited for the full amount of your stay if you fail to turn up without cancelling in writing 72 hours in advance
This form is secured (under SSL certificate - 128 bits).

I presume this is encrypted in some manner but it looks a little on the slim side?

Any one had experience of this?

Best wishes

Richard


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

I would avoid taking credit card information and defiantly avoid
storing it, best to not even go there and just let a processing
company take care of the charge side if you can although I don’t know
how that would fit in with the structure of your plans. It goes beyond
just sending the information, it means you need to store it before you
charge the card and although SSL might get the information to you in a
more secure manner it won’t make it secure after you have it. There
may also be many legal issues connected with this relative to where
you are located.

Here are a couple of many discussions on the subject:

http://www.webdeveloper.com/forum/showthread.php?t=194921
http://forums.mysql.com/read.php?30,14020,14020

Please note that some of these dicussions maye be outdated.

HTH

On Aug 1, 2009, at 6:59 PM, richard lowther wrote:

This may be off topic and I aplogise if so. I am building a site
for a small hotel. They would like a page where a client asking to
reserve a room is requested to supply credit card details. (With
reservation confirmed by email).

This has a two fold purpose. For the client it ensures his or her
room is reserved . For the Hotel it allows them to bank a no show
fee if the client fails to turn up without sufficient notice.
Since no one is likely to give such info on an insecure site I need
to build a secure page and/or add in a method of encryption. Does
the hosting company do this or is it more complicated? And how do we
integrate it into FW? Just build a form and ask that it be a secure
page on the server?

Their current site gives this info

Confirm your booking with your credit card. This will be debited for
the full amount of your stay if you fail to turn up without
cancelling in writing 72 hours in advance
This form is secured (under SSL certificate - 128 bits).

I presume this is encrypted in some manner but it looks a little on
the slim side?

Any one had experience of this?

Best wishes

Richard


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Just use Mals - the card option can be used such that it is manually
collected by the client from the payments area of the cart set up. It is
stored securely on Mals servers.

hope this helps

regards
Brian

richard lowther said recently:

This may be off topic and I aplogise if so. I am building a site for a small
hotel. They would like a page where a client asking to reserve a room is
requested to supply credit card details. (With reservation confirmed by
email).

This has a two fold purpose. For the client it ensures his or her room is
reserved . For the Hotel it allows them to bank a no show fee if the client
fails to turn up without sufficient notice.
Since no one is likely to give such info on an insecure site I need to build a
secure page and/or add in a method of encryption. Does the hosting company do
this or is it more complicated? And how do we integrate it into FW? Just build
a form and ask that it be a secure page on the server?

Their current site gives this info

Confirm your booking with your credit card. This will be debited for the full
amount of your stay if you fail to turn up without cancelling in writing 72
hours in advance
This form is secured (under SSL certificate - 128 bits).

I presume this is encrypted in some manner but it looks a little on the slim
side?

Any one had experience of this?

Best wishes

Richard


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Thanks for the advice guys. Looks like I have some homework to do. Ho hum

Richard


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Remind me not to book a stay at that hotel. 72 hour notice or they charge your card of the full stay? No way!

BTW, hotels pre-authorize cards which puts a hold on (reserves) part of the customer’s credit line. It isn’t actually charged until checkout, If it’s not charged within a certain time frame the pre-auth expires.


freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options