secure payment page "https"

super_dad

how do I add a secure payment page to my website.

I am about to receive a mobile cardit/debit card terminal for my business from my bank and I want to put all my transactions through that... but I don't know how I can transfer the payment details from the users of my site to me, securely... how do I add a secure page to a website, so that I then get emailed the details so I can process the information manually through my lloyds merchant account/mobile terminal?

any ideas?

Bikertov

This is a bit of a minefield area, as you should be PCI (Payment Card Industry) compliant. This means if you store Credit Card details, you need to have all sorts of security in place, including encryption. You also should not send card details by email, unless they are encrypted.

Your best bet is one of two options:

1) Get a 3rd party payment processor to set you up a secure web page, that you embed in your site
2) Get your merchant facility provider (eg Barclaycard, Streamline etc.) to provide you with a secure online payment system, sometimes known as a virtual terminal.

There are now tough penalties and fines being levied on Merchants that have security breaches - so don't treat this lightly.

Snakeeyes21

I didnt think you were allowed to do this anymore, since you have to become PCI compliant.
Im sure sending credit card details to an email address would fall foul of the law.

Plus many merchant banks dont allow it as you need 2 different merchant numbers, one for online payments and one for MOTO payments.

Your best bet would be to get a 3rd party payment processor who handles all the card details, processes the transaction and passes it along to your merchant bank.

One of the best and cheapest around is sagepay, it costs 10p per transaction if you process over 1000 transactions a quarter or £20 a month if you process under that.

jimmylees

You ned to get a security certificate for your site such as an ssl certificate. These are a bit expensive.

http://www.verisign.co.uk/ssl/ssl-information-center/index.html

pcombo

You could have the details submitted into a database going through encrypted site. This isn't breaking any rules as most site software like oscommerce keeps that and oscommerce use to be so unsecure if you didn't know what you were doing.

super_dad

well at the minute we're planning to accept paypal... so i guess the easiest way to do it is to add a "pay by credit/debit card" button, and when they click that there's a message saying that someone will be in touch to take payment over the phone.

Not as if we are/want to do anything dodgy, as ayone knows... you have to do so many checks just to get one of these things up and working anyway!

In fact, I guess if we do that then we can just input the details into the machine whilst the customer is on the phone... that sounds much better, i think!

sunshine54

if you are going to use paypal on the site, that will accept credit/debit card payments.
customers will input their card details via paypal secure webpages, so you have nothing to encrypt (as you don't see/store the card details)

super_dad

sunshine54 wrote: »

if you are going to use paypal on the site, that will accept credit/debit card payments.
customers will input their card details via paypal secure webpages, so you have nothing to encrypt (as you don't see/store the card details)

yeah I know that but just need to give customers the option... i think taking payment over the phone is the sensible thing to do, that way we can't !!!! it up.

edgex

super_dad wrote: »

how do I add a secure payment page to my website.

I am about to receive a mobile cardit/debit card terminal for my business from my bank and I want to put all my transactions through that... but I don't know how I can transfer the payment details from the users of my site to me, securely... how do I add a secure page to a website, so that I then get emailed the details so I can process the information manually through my lloyds merchant account/mobile terminal?

any ideas?

contact your bank & ask them how they would setup to take payments by card online


if you have customers phone you, so that you then manually process the payment, you wont be able to use any of the security systems now in place, & so would be fully liable for any fraudulent payments made that way.

webnise

Actually, you need to install this certificate jimmylees on your hosting. I did this for my university project where I used the trial certificate for simulating transactions via mobile simulator.

If you are using windows/IIS, it is pretty easy to do.

S0litaire

Pay-Pal is the best bet! get a Merchants account set up and they give you 5 or 6 diffrent types of checkout options (From a "Pay by Paypal" button to a full checkout system.

You're bank will probably have a "Verifyed by.." option for visa and Mastercards and they might offer a secure checkout option themselves.

Contact your bank see what they offer.