Hi-
I have a small business that wants a shopping cart that
handles credit
cards. In actual fact they would manually verify the credit
card offline but
i need to get them the card details from the user securely,
and I dont want
to store the credit details at all.
In my websites orders are written to a database and accessed
by a customer
service team in a special permission based admin area.
Without storing the
credit card info how can i pass the credit card info on for
processing. I
have seen some third party solutions send an encrypted one
off email with
the credit card info to a generic customer service email
address. Customer
service would then match the credit card info to an order. I
guess this
would create problems if the email failed for some reason the
customer
would have to be contacted.
Given the requirements has anyone got any suggestions for a
better technique
or process flow, email encryption techniques? Are there any
cf tags that can
help me send an encrpted email and provide a key for me to
open the emails
with.
Any security issues i should (need) to know about. Naturally
the order
checkout process would take place on https
Brett