We are not trying to setup an "instant-charge" application or any type of shopping cart on our website.

What we want is a simple form people Submit with their order and their credit card information..

and the form is just simply e-mailed to us..

now.. I understand how the form would work..

but whats the cheapest simplest form of "SECURITY" so the customer sees that it is an Encrypted Form and their Credit Card Number and information will be hacker-safe ?

Thanks

The only thing I know of that's really trusted (if you have to worry about trust) is getting an SSL certificate. Depends on your audience though, some people are comfortable ordering online (even in a nonsecure environment) and others aren't.

It depends what you're doing with the credit card information once you've got it. An SSL Certificate will encrypt the information as it's being sent to the server, but what then? If you're e-mailing the details to yourself from the website in plain text, then you're shooting yourself in the foot. Same as if you're storing them unencrypted in a database.

You need to be carefull when handleing your customers card details because you may find yourself responsible for nasty things like fruad and chargebacks. The most simple way is to just leave the card processing to someone else, get a payment gateway, PayPal, WorldPay, or talk to your bank, etc.

Thanks Guys..

Im purchasing a small SSL certificate from GoDaddy

The Credit cards do come in our mailbox.. this is true..

but once they are there.. they are immediatley printed off and deleted.

I appreciate your concern..

we only have a handful of employees and TRUST is our #1 priority here..

It's not your employees that could be your problem, it's the CC details being sent by email. SMTP email is sent in plain text, so anyone with the know how could intercept that traffic and read those CC numbers and names.

SSL only encrypts between the client and the HTTPS server, so if you want to store CC details, and I agree with Minaki it is NOT something you should do, use an encrypted database and ONLY ONLY ONLY read the details via a SSL or a VPN connection.

As in your original post you asked for the CHEAPEST method, the above steps are not cheap by any stretch of the imagination. The one place YOU SHOULD NOT be looking for cheap is in the handling of customer details, get cheap and you will eventually pay the price.

To ensure customer details are secure on your own hosting I would expect to be paying £1000 (GBP) a month minimum plus costs for regular intrusion testing and security audits etc.

ok.. so If I have them databased.. I could just keep them logged in my FTP server under a directory and just open it up and print them out ?

how would I go about that?

Im useless in scripting.. maybe theres something pre-made.

What type of scripting (is there anything out there)..

that I could use to have customers fill out a form and have that form sent to a log file in our FTP Server..?

I got the SSL certificate authorized and my https folder is ready to roll..

depends on what scripting your host supports

Quote:

Originally Posted by factorysupply

We are not trying to setup an "instant-charge" application or any type of shopping cart on our website.

What we want is a simple form people Submit with their order and their credit card information..

and the form is just simply e-mailed to us..

now.. I understand how the form would work..

but whats the cheapest simplest form of "SECURITY" so the customer sees that it is an Encrypted Form and their Credit Card Number and information will be hacker-safe ?

Thanks

I have a idea try a form Host. One that uses SSL. I use something like a Form Host for free. Try that.

Here you go. http://www.formsite.com/

As secure as it could be. Solved your problem.

I would suggest to not store the entire CC number in one location. I would send the first 4-digits and the last 4-digits via email, and store the middle 8-digits via db that has been encrypted using a random salt hash (or even doubled hashed).