1 Reply Latest reply on Jul 23, 2008 7:07 PM by Daverms

    Credit Cards and checkout process

    Level 7
      Hi-

      I have a small business that wants a shopping cart that handles credit
      cards. In actual fact they would manually verify the credit card offline but
      i need to get them the card details from the user securely, and I dont want
      to store the credit details at all.

      In my websites orders are written to a database and accessed by a customer
      service team in a special permission based admin area. Without storing the
      credit card info how can i pass the credit card info on for processing. I
      have seen some third party solutions send an encrypted one off email with
      the credit card info to a generic customer service email address. Customer
      service would then match the credit card info to an order. I guess this
      would create problems if the email failed for some reason the customer
      would have to be contacted.

      Given the requirements has anyone got any suggestions for a better technique
      or process flow, email encryption techniques? Are there any cf tags that can
      help me send an encrpted email and provide a key for me to open the emails
      with.

      Any security issues i should (need) to know about. Naturally the order
      checkout process would take place on https

      Brett