Forum Question: "How do I get my form to send sensitive credit card data to my email address?"
Forgive the rant, but I've been seeing lots of posts like this lately and frankly it leaves me terrified and irritated.
Terrified for consumers who could be exploited by credit card & identity thieves.
Terrified for site owners who could incur stiff penalties or be put out of business.
Irritated with the fool of a web designer who thinks this is OK business practice.
I've got news for you. It's not OK to transfer sensitive data by e-mail. It's not secure.
If you're new to web design and need to build a store site for someone, please use PayPal, Google Checkout or one of the industry-approved shopping cart sites. If you need a recommendation, feel free to post a question in the forum. People here will be happy to share their opinions & experiences with you.
Q: What is PCI?
A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially, that means any merchant that has a Merchant ID (MID).
Q: To whom does PCI apply?
A: PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data.
Q: What are the penalties for noncompliance?
A: The credit card companies may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. In most cases though, the bank suspends or terminates the merchant's credit card privileges.
I realize jobs are scarce & finding good projects to work on is much harder than it once was. But that doesn't mean you should ever put yourself, the public and site owners at risk. If a site owner insists on running his business without a PCI-compliant shopping cart to save a few dollars or [insert whatever excuse here], this is a red flag warning you to politely thank them & walk away from the project. There is no excuse for NOT using a secure payment method. PayPal doesn't cost much (a small transaction fee) and it's very simple to set up.
PCI Compliance Guidelines & FAQ
Some Payment Processors to look at ~
Google Checkout ~ http://checkout.google.com/sell/?
Authorize.net ~ http://www.authorize.net/
Shopping Cart Solutions:
Adobe Business Catalyst ~ Built-in turn-key e-commerce
Alt-Web Design & Publishing
Web | Graphics | Print | Media Specialists