PDA

View Full Version : credit cards



JayDesigns
02 Feb 2006, 05:53 PM
Hey there,

I'd like to know the best way that I can get a credit card number from a web form to someone with e-mail.

I know of course that e-mail is not secure, so what I have in my mind at the moment is for the form to be on a secure server and have the credit card number stored in a database and a link sent out to the email address of the recipient, whereby he can go to a page on a secure server and retrieve the number.

Is this secure? Is SSL suitable for this? And if this is a good method, how can I secure the contents of the database?

Thanks for any help,

Jay Vincent
JayDesigns.co.uk

DanInManchester
20 Feb 2006, 06:18 PM
Yes SSL would offer suitable level of encryption.

Your database depends on what you are using.
MS access can be ecrypted and secured using a password. Make sure it is stored outside of the website root.

If it is MS SQL or mySQL your ISP will take care fo security for you (hopefully).

You can never be sure who is looking at your database even with reputable hosting providers. It's a good idea to encrypt passwords, CC numbers, etc within the database so in the event it is compromised it still remains reletively secure. You should also avoid saving passwords in plain text within scripts.

I've encounted a few hosting providers where I was able to get round poor security and expose other sites files and databases so always air on the side of caution.