Re: [PHP] E-commerce site issue?
Thanks again, Justin...

Any suggestions on how to store/transmit the credit cards securely? And how do I process them manually? How do I get set up to accept credit cards?

Thanks,
gab.

Justin French [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> on 10/08/02 12:05 AM, The Gabster ([EMAIL PROTECTED]) wrote:
>
> > Thanks a lot... Hmm... I guess for the beginning I would go and process the purchases manually. Later on if the purchases increase, then I would opt for processing credit cards via the server.
>
> So initially you would just store/transmit the credit cards securely (a whole other can of worms!!), and process them manually offline. I'd recommend this for any start-up e-commerce site, because it cuts down some development, start up costs and saves the margins that an online credit-card merchant takes.
>
> When and if you decide to automate the credit card process (authorising and charging the card), it's done through a merchant. This will totally depend on your circumstances and budget, but you basically pass the details to a third party that specialises in this stuff, like authorise.net (and hundreds of other similar businesses), a bank or financial institution etc etc. All of them will have different procedures and code, but you basically pass them the details, they pass back a success or failure, charge the credit card, take their % cut (everything from a flat fee like $1, through to 3% or 5%), and pass on the rest to you.
>
> There are further options above and beyond this, but they'd be out of reach/budget of almost any small-medium e-comm site.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] E-commerce site issue?
on 13/08/02 6:58 AM, The Gabster ([EMAIL PROTECTED]) wrote:

> Thanks again, Justin... Any suggestions on how to store/transmit the credit cards securely?

I'm not a security expert at all, so don't consider this advice anything more than suggested for further reading. This is a big can of worms.

To transmit them, you need to transmit them via SSL (https://). Talk to your host about this.

To store them in an encrypted manner, you should look at mcrypt() PHP functions, and some of the MySQL encrypting functions... Both have special server requirements, and you'll need to be WAAAY careful of where and how you store the encryption keys (passwords). Especially on a shared server. Ask your host how THEY handle CC#'s, if at all.

Needless to say, this is not light work. You should seriously consider paying someone to do this properly for -- at least the first time, and try to learn off them. You should spend lots of time talking with your host about security holes, and most importantly, you should destroy the cc details as soon as you no longer need them -- 20 cc#'s stored is less desirable to a hacker than 2000, or 20,000 cc#'s.

> How do I get set up to accept credit cards? And how do I process them manually?

I'm not a bank. The owner of the store needs to ask their bank.

Justin French
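An added example (not part of the thread, and not Justin's code) of the advice in the message above: store the number encrypted, keep the key away from the data, and destroy the card details once they are no longer needed. It uses PHP's OpenSSL extension with AES-256-GCM instead of the mcrypt functions named in the message, since mcrypt was removed from PHP core in 7.2; the `CARD_KEY_B64` environment variable, the `orders` table and all function names are assumptions.

```php
<?php
// Added example; CARD_KEY_B64, the orders table and all function names are hypothetical.
const CIPHER = 'aes-256-gcm';

// The key comes from the environment, not the database or the web root.
function load_key(): string {
    $key = base64_decode((string) getenv('CARD_KEY_B64'), true);
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('CARD_KEY_B64 must hold a base64 32-byte key');
    }
    return $key;
}

// Returns base64(nonce . tag . ciphertext); the order id is bound as
// associated data so a blob copied onto another row fails to decrypt.
function encrypt_pan(string $pan, string $orderId, string $key): string {
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($pan, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $orderId, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decrypt_pan(string $blob, string $orderId, string $key): string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $pan = openssl_decrypt(substr($raw, 28), CIPHER, $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), $orderId);
    if ($pan === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pan;
}

// Destroy card data once the order has been charged offline.
function purge_processed(PDO $db): int {
    return (int) $db->exec('UPDATE orders SET card_blob = NULL WHERE processed_at IS NOT NULL');
}

// Constructed demo values: a throwaway key and a well-known test card number.
putenv('CARD_KEY_B64=' . base64_encode(random_bytes(32)));
$key = load_key();
$blob = encrypt_pan('4111111111111111', 'order-1001', $key);
echo decrypt_pan($blob, 'order-1001', $key), "\n";
```

Decrypting the same blob under a different order id or key throws instead of returning garbage, which is the property an unauthenticated cipher mode would not give.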
Re: [PHP] E-commerce site issue?
On Tuesday 13 August 2002 10:29, Justin French wrote:

> Needless to say, this is not light work. You should seriously consider paying someone to do this properly for -- at least the first time, and try to learn off them. You should spend lots of time talking with your host about security holes, and most importantly, you should destroy the cc details as soon as you no longer need them -- 20 cc#'s stored is less desirable to a hacker than 2000, or 20,000 cc#'s.

But how would the person breaking in know how many CC#'s you were storing? Reminds me of the signs that you see in some stores -- "Our staff do not have access to the safe". So you can have on your website "Hackers please note we only store twenty credit card numbers at any one time" :)

--
Jason Wong - Gremlins Associates - www.gremlins.com.hk
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *

/*
[The French Riviera is] a sunny place for shady people. -- Somerset Maugham
*/
Re: [PHP] E-commerce site issue?
on 13/08/02 1:39 PM, Jason Wong ([EMAIL PROTECTED]) wrote:

> On Tuesday 13 August 2002 10:29, Justin French wrote:
>
> > Needless to say, this is not light work. You should seriously consider paying someone to do this properly for -- at least the first time, and try to learn off them. You should spend lots of time talking with your host about security holes, and most importantly, you should destroy the cc details as soon as you no longer need them -- 20 cc#'s stored is less desirable to a hacker than 2000, or 20,000 cc#'s.
>
> But how would the person breaking in know how many CC#'s you were storing? Reminds me of the signs that you see in some stores -- "Our staff do not have access to the safe". So you can have on your website "Hackers please note we only store twenty credit card numbers at any one time" :)

Hehehe that wasn't quite the point I was trying to make :)

Only storing 20 is less risk than 20,000. Storing zero is the safest.

Justin French
Re: [PHP] E-commerce site issue?
on 10/08/02 12:05 AM, The Gabster ([EMAIL PROTECTED]) wrote:

> Thanks a lot... Hmm... I guess for the beginning I would go and process the purchases manually. Later on if the purchases increase, then I would opt for processing credit cards via the server.

So initially you would just store/transmit the credit cards securely (a whole other can of worms!!), and process them manually offline. I'd recommend this for any start-up e-commerce site, because it cuts down some development, start up costs and saves the margins that an online credit-card merchant takes.

When and if you decide to automate the credit card process (authorising and charging the card), it's done through a merchant. This will totally depend on your circumstances and budget, but you basically pass the details to a third party that specialises in this stuff, like authorise.net (and hundreds of other similar businesses), a bank or financial institution etc etc. All of them will have different procedures and code, but you basically pass them the details, they pass back a success or failure, charge the credit card, take their % cut (everything from a flat fee like $1, through to 3% or 5%), and pass on the rest to you.

There are further options above and beyond this, but they'd be out of reach/budget of almost any small-medium e-comm site.
Re: [PHP] E-commerce site issue?
Justin,

Thanks a lot... Hmm... I guess for the beginning I would go and process the purchases manually. Later on if the purchases increase, then I would opt for processing credit cards via the server.

Can you please give me some details on this? I know php, have Apache on a Win2k machine.

Many thanks,
gabi.

Justin French [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> on 09/08/02 3:56 AM, The Gabster ([EMAIL PROTECTED]) wrote:
>
> > Hi all, Using my own server (not through an ISP), how do I go about setting up an e-commerce site? So I can accept credit cards for purchases?
>
> Do you want to ACCEPT credit cards (process the purchases manually), or PROCESS credit cards via the server? There's a big difference.
>
> Justin French
Re: [PHP] E-commerce site issue?
on 09/08/02 3:56 AM, The Gabster ([EMAIL PROTECTED]) wrote:

> Hi all, Using my own server (not through an ISP), how do I go about setting up an e-commerce site? So I can accept credit cards for purchases?

Do you want to ACCEPT credit cards (process the purchases manually), or PROCESS credit cards via the server? There's a big difference.

Justin French