kyber
- Original Poster
- #1
If you set up a shop, you will probably want to take payments.
This section mostly talks about using Payment Processors where you hand over to the dedicated and secure systems of a third party to handle the payment processing.
However, if you want to handle payment processing yourself offline (perhaps you already have one of those small PDT terminals) then you need to get credit card information to yourself securely.
(You also need to check with the company that handles your "manual" credit card processing that it is okay to do this - if you already have clearance for Customer Not Present transactions then you will probably be okay providing you can convince them you have taken proper security measures.)
If you want customers to provide credit card details, you need to be able to provide them with secure data entry. To most people this means the padlock appearing and the web address being referred to as https://... rather than http://...
To do this you need to buy a certificate and get this installed on your server. If your server is shared by several people you may have problems (security configuration gets very complex and you have to use a non-standard https port which means putting a : and a number on the end of every address). This is a decent guide to SSL certificates written by one of the providers of certificates (so assume there is some bias):
http://whichssl.com/
In order to process an order you will need to access this information. You can probably do this using secure (SSL) admin access to the site.
Alternatively, you may be able to configure the system to email you the details. This however presents a security risk as a "plain text" email is open for anyone to intercept and read. Instead, you need to make use of a public key / private key encryption system that allows you to generate a public key that can be used by anyone including your shopping cart to encrypt your email in such a way as to only be decryptable by using your corresponding private key. A good solution for this is the GnuPG software:
http://www.gnupg.org/
You can see why online payment processors are popular. Still, this is potentially cheaper if you already handle credit cards offline.
Stuart
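The public key / private key step described in the post, as an added worked example (this is not code from the post or from the GnuPG project). It assumes GnuPG 2.1 or later is on PATH. The cart and merchant are simulated with two separate GnuPG home directories: the cart gets only the exported public key, the merchant keeps the private key. The identity orders@shop.example and the order contents are made up for the demo, and the key has no passphrase only so it runs unattended; a real merchant key should have one.

```shell
#!/bin/sh
# Added example: a shopping cart that holds only the merchant's PUBLIC key
# encrypts order details; only the merchant's PRIVATE key can read them.
set -eu

# Hypothetical merchant identity (assumption for the demo).
MERCHANT_UID="orders@shop.example"

demo_encrypted_order() {
    workdir=$(mktemp -d)
    merchant_home="$workdir/merchant"   # merchant keyring: public + private key
    cart_home="$workdir/cart"           # cart keyring: public key only
    mkdir -p "$merchant_home" "$cart_home"
    chmod 700 "$merchant_home" "$cart_home"
    # Let gpg accept the passphrase non-interactively on older 2.1 releases.
    echo allow-loopback-pinentry > "$merchant_home/gpg-agent.conf"

    # 1. Merchant generates a key pair (empty passphrase ONLY for this demo).
    gpg --homedir "$merchant_home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-gen-key "$MERCHANT_UID" default default never \
        >/dev/null 2>&1

    # 2. Export just the public key; that file is what goes on the web server.
    gpg --homedir "$merchant_home" --batch --quiet --armor \
        --export "$MERCHANT_UID" > "$workdir/merchant-pub.asc"
    gpg --homedir "$cart_home" --batch --quiet \
        --import "$workdir/merchant-pub.asc" 2>/dev/null

    # 3. Constructed order details (a test card number, not a real one).
    cat > "$workdir/order.txt" <<'EOF'
Order: 1001
Name: Test Customer
Card: 4111 1111 1111 1111
Expiry: 12/29
EOF

    # 4. Cart encrypts to the merchant's public key. --trust-model always
    #    skips the web-of-trust prompt for a key the cart imported itself.
    gpg --homedir "$cart_home" --batch --quiet --trust-model always \
        --recipient "$MERCHANT_UID" --armor --output "$workdir/order.asc" \
        --encrypt "$workdir/order.txt"

    # 5. The cart cannot read its own output: it has no private key.
    if gpg --homedir "$cart_home" --batch --quiet \
           --decrypt "$workdir/order.asc" >/dev/null 2>&1; then
        echo "ERROR: cart must not be able to decrypt" >&2
        rm -rf "$workdir"
        return 1
    fi

    # 6. Merchant decrypts with the private key and checks the plaintext.
    gpg --homedir "$merchant_home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --output "$workdir/order.dec" \
        --decrypt "$workdir/order.asc" 2>/dev/null

    if cmp -s "$workdir/order.txt" "$workdir/order.dec"; then
        status=0
    else
        status=1
    fi
    gpgconf --homedir "$merchant_home" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$cart_home" --kill gpg-agent 2>/dev/null || true
    rm -rf "$workdir"
    return $status
}

# Run stand-alone: prints the result of the round trip.
demo_encrypted_order && echo "order.asc decrypts only with the merchant key"
```

The point of the two home directories is step 5: if the web host is compromised, the attacker gets the same keyring the cart had, and still cannot read past orders. Keep the private key off the web server entirely and decrypt on the offline machine that does the card processing. Encrypting in transit does not remove the need mentioned in the post to clear card handling with your acquirer first.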