Payment form help?

[Host47]

Hi Guys,

I have been asked to add a payment page to a website, it's for a small magazine publisher so there's no fixed fee, they don't want any merchant accounts or paypal due to fee's he has a streamline account for processing CC, I'm looking at something like

https://www.customflamepainting.com/sslform/

But am unsure where to start after the form is made..

any help appreciated

 

[Host47]

hmm no one?

 

[pixelbypixel]

That form simply sends information to the company, who then manually deal with the payment details themselves, it is not a payment gateway itself.

You would just send the details via email to the person who deals with the payments by php mail().

If you want an actual transaction to take place (i.e. actually take money and pay to the company) you will have to use something like WorldPay, or one of the other companies which do it for you, but there is very often a cost linked to this.

 

[snowbird]

Well I believe what he is saying is that the company already has a merchant account of some sort and does not want to pay for another one for online purchases. He wants to key the transactions in manually at a terminal after they come in.

This could be done where the transaction details are emailed to you but as a customer I wouldn't feel comfortable with that since the data will be in your email unencrypted. That is a big security risk in my opinion. Many cart scripts today encrypt stored credit card information and you need a special key that only you know to decrypt it so that the card numbers get into the right hands.

Also your SSL certificate on that page kind of scares me a little. You have a seal on your site and text that says everything is fully encrypted and secure from a quality certification authority. However when i click on my lock as instructed (which I normally do anyways), it says the following:

Owner: This web site does not supply ownership information.
Verified by: Not Specified.

It is unusual for it to say the certificate is not verified by a certification authority. Did you not install the SSL certificate correctly? Maybe you forgot to install the CA Root. It also says that the connection is only partially encrypted.

Also I know what you were trying to do with disabling the option to right click. But, the only people that will stop are those who are not very computer literate. Anyone who actually knows something about computers would know that you can easily bypass that right click disablement very easily. If you are truley interested in hiding your source code from the public, you might want to consider using php or another server side scripting language.

 

[Host47]

that site isn't mine, it was just an example that i found that has the info and looks like it would do what I need.

All i'm wanting is say if I make a form like on the site above, what is the best way to encrypt the data and send it via email so the owner can then process the payment.

 

[snowbird]

I myself would actually use a shopping cart script that is already available. That way credit card info could be stored in a database in an encrypted format. If you have a dedicated server you could also block the sql port so that the database cannot be accessed externally.

Another option would be for him/her to check with their payment processor/merchant account provider. Many merchant account providers already have the ability of accepting credit cards online. It may be a good idea to contact them anyways because if you are going to accept online purchases, they will need to know about it most likely. Accepting online purchases is not the same as accepting purchases at a physical retail location. In most cases fees might be a little more since you would not be performing a card present transaction and there would be slightly higher risk associated with it. If the merchant account provider knows you already perform internet sales, they will sometimes even ask you to sign a contract agreeing that you will not perform internet sales with your POS if it was meant for in person purchases. Merchant account providers like to know what your selling, where your selling it, and how much in sales you plan on doing each month. This is all part of their risk assessment and underwriting. If your business is to risky to them, they may tell you to go find another bank that is willing to deal with higher risk merchants. But since this is only going to be for a magazine I am sure the risk in regards to products being sold would be fine. It may just be a matter of paying some higher fees for processing internet transactions. It all depends on who you have for processing your payments.

 

[BobTurker]

You might be able to tweak something like Zen Cart to do it, they allow you to send the credit card transaction information via email for processing at a physical terminal.

 

[christo]

Many merchant account providers already have the ability of accepting credit cards online. It may be a good idea to contact them anyways because if you are going to accept online purchases, they will need to know about it most likely.

 

[ukdesign]

nothing compares to paypal its easy fast and money just some clicks away. and the whole world know no alternative of pay pal yet.