Professional Web Applications Themes

SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION - ASP

I know how to build forms with ASP and process user input. Now i want to take credit card payments via a form. i will then download the details and process them via our credit card machine. do i just create a regular ASP form and use a certificate on the server to encrypt the data ? ie [url]https://server/getpaymentform.asp[/url] there is nothing special about the form is there ? it is just the same as the form i have been using for user input....

  1. #1

    Default SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION

    I know how to build forms with ASP and process user input.
    Now i want to take credit card payments via a form.
    i will then download the details and process them via our credit card
    machine.

    do i just create a regular ASP form and use a certificate on the
    server to encrypt the data ? ie [url]https://server/getpaymentform.asp[/url]

    there is nothing special about the form is there ?
    it is just the same as the form i have been using for user input.

    sam1967@hetnet.nl Guest

  2. #2

    Default Re: SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION

    [email]sam1967hetnet.nl[/email] wrote:
    > I know how to build forms with ASP and process user input.
    > Now i want to take credit card payments via a form.
    > i will then download the details and process them via our credit card
    > machine.
    >
    > do i just create a regular ASP form and use a certificate on the
    > server to encrypt the data ? ie [url]https://server/getpaymentform.asp[/url]
    >
    > there is nothing special about the form is there ?
    > it is just the same as the form i have been using for user input.
    correct.

    think how the data is going to get to you. pgp mail is useful in these
    cirstances.

    --
    William Tasso - [url]http://WilliamTasso.com[/url]


    William Tasso Guest

  3. #3

    Default Re: SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION

    On Sun, 10 Aug 2003 16:07:13 +0100, "William Tasso" <ngxtbdata.com>
    wrote:
    >sam1967hetnet.nl wrote:
    >> I know how to build forms with ASP and process user input.
    >> Now i want to take credit card payments via a form.
    >> i will then download the details and process them via our credit card
    >> machine.
    >>
    >> do i just create a regular ASP form and use a certificate on the
    >> server to encrypt the data ? ie [url]https://server/getpaymentform.asp[/url]
    >>
    >> there is nothing special about the form is there ?
    >> it is just the same as the form i have been using for user input.
    >
    >correct.
    >
    >think how the data is going to get to you. pgp mail is useful in these
    >cirstances.
    we are a small not-for-profit organisation. we would like to take
    donations online via credit card.
    this would be easier using a form i think.
    pgp mail would be the same process i assume.
    donators donwload our public key frmo our web page and use it to
    encrypt an email containing the credit card details.
    correct ?

    would we not be just as easy using PayPal ?

    sam1967@hetnet.nl Guest

  4. #4

    Default Re: SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION

    In article <erncjvcdaq5q8pvsb88rfa51ehd8iljgoe4ax.com>, sam1967
    hetnet.nl says...
    > On Sun, 10 Aug 2003 16:07:13 +0100, "William Tasso" <ngxtbdata.com>
    > wrote:
    >
    > >sam1967hetnet.nl wrote:
    > >> I know how to build forms with ASP and process user input.
    > >> Now i want to take credit card payments via a form.
    > >> i will then download the details and process them via our credit card
    > >> machine.
    > >>
    > >> do i just create a regular ASP form and use a certificate on the
    > >> server to encrypt the data ? ie [url]https://server/getpaymentform.asp[/url]
    > >>
    > >> there is nothing special about the form is there ?
    > >> it is just the same as the form i have been using for user input.
    > >
    > >correct.
    > >
    > >think how the data is going to get to you. pgp mail is useful in these
    > >cirstances.
    >
    > we are a small not-for-profit organisation. we would like to take
    > donations online via credit card.
    > this would be easier using a form i think.
    > pgp mail would be the same process i assume.
    > donators donwload our public key frmo our web page and use it to
    > encrypt an email containing the credit card details.
    > correct ?
    >
    > would we not be just as easy using PayPal ?
    >
    >
    1. Using an ASP form page and an SSL certificate would be simpler for
    the donator. No need to have anything on the client. Data is encrypted
    going to your site, and once there, you can do with it what you wish.

    2. Using paypal is VERY simple. However, anyone donating must have a
    paypal account to use. You will also need to have a higher level paypal
    account to accept credit cards - something you probably already have.
    With Paypal, there would be no need for a "credit card machine".

    --

    Remove NOT from email address to reply. AntiSpam in action.
    Dan Brussee Guest

  5. #5

    Default Re: SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION

    On Sun, 10 Aug 2003 15:49:19 GMT, Dan Brussee
    <dbrusseeNOTbetterwaycomputing.com> wrote:
    >In article <erncjvcdaq5q8pvsb88rfa51ehd8iljgoe4ax.com>, sam1967
    >hetnet.nl says...
    >> On Sun, 10 Aug 2003 16:07:13 +0100, "William Tasso" <ngxtbdata.com>
    >> wrote:
    >>
    >> >sam1967hetnet.nl wrote:
    >> >> I know how to build forms with ASP and process user input.
    >> >> Now i want to take credit card payments via a form.
    >> >> i will then download the details and process them via our credit card
    >> >> machine.
    >> >>
    >> >> do i just create a regular ASP form and use a certificate on the
    >> >> server to encrypt the data ? ie [url]https://server/getpaymentform.asp[/url]
    >> >>
    >> >> there is nothing special about the form is there ?
    >> >> it is just the same as the form i have been using for user input.
    >> >
    >> >correct.
    >> >
    >> >think how the data is going to get to you. pgp mail is useful in these
    >> >cirstances.
    >>
    >> we are a small not-for-profit organisation. we would like to take
    >> donations online via credit card.
    >> this would be easier using a form i think.
    >> pgp mail would be the same process i assume.
    >> donators donwload our public key frmo our web page and use it to
    >> encrypt an email containing the credit card details.
    >> correct ?
    >>
    >> would we not be just as easy using PayPal ?
    >>
    >>
    >
    >1. Using an ASP form page and an SSL certificate would be simpler for
    >the donator. No need to have anything on the client. Data is encrypted
    >going to your site, and once there, you can do with it what you wish.
    maybe you can inform me on something. once weve processed the credit
    card for the donation should we remove the details from our access
    database to prevent hacking ? if it was hacked and credit card details
    stolen would we be responsible ?

    >2. Using paypal is VERY simple. However, anyone donating must have a
    >paypal account to use. You will also need to have a higher level paypal
    >account to accept credit cards - something you probably already have.
    >With Paypal, there would be no need for a "credit card machine".
    PayPal is a worth considering but you are right about people being
    turned off by having to register with PayPal before they can donate.
    Maybe we will have a credit card option and a PayPal option.
    sam1967@hetnet.nl Guest

  6. #6

    Default Re: SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION

    In article <uIk3TQ2XDHA.2632TK2MSFTNGP09.phx.gbl>, [email]ngxtbdata.com[/email]
    says...
    > [email]sam1967hetnet.nl[/email] wrote:
    > > On Sun, 10 Aug 2003 16:07:13 +0100, "William Tasso" <ngxtbdata.com>
    > > wrote:
    > >
    > >> [email]sam1967hetnet.nl[/email] wrote:
    > >>> I know how to build forms with ASP and process user input.
    > >>> Now i want to take credit card payments via a form.
    > >>> i will then download the details and process them via our credit
    > >>> card machine.
    > >>>
    > >>> do i just create a regular ASP form and use a certificate on the
    > >>> server to encrypt the data ? ie [url]https://server/getpaymentform.asp[/url]
    > >>>
    > >>> there is nothing special about the form is there ?
    > >>> it is just the same as the form i have been using for user input.
    > >>
    > >> correct.
    > >>
    > >> think how the data is going to get to you. pgp mail is useful in
    > >> these cirstances.
    > >
    > > we are a small not-for-profit organisation. we would like to take
    > > donations online via credit card.
    > > this would be easier using a form i think.
    > > pgp mail would be the same process i assume.
    > > donators donwload our public key frmo our web page and use it to
    > > encrypt an email containing the credit card details.
    > > correct ?
    >
    > the visitor makes the donation on secure web form and sends it to your
    > server (SSL) using the submit button
    >
    > your script sends pgp mail from your server to you. means you do not have
    > to store the card details on a public server - check with your host/admin
    > that your server can support pgp mail.
    Not a bad idea. This would also answer the OP's question about keeping
    the card info (not a good idea to keep card info - what use do you have
    for it anyway!?)

    I would take a different path and store the data in a secure database in
    an SSL secured connection. Then use a password secured session to bring
    up card info to run through your machine. As soon as the order is
    processed, delete the card info. I know this puts the data on the server
    temporarily, but with just email, you are hosed if the email fails to
    get to you since no record is made anywhere.

    You could even make the password part non-browser by making the app an
    executuable that runs on your own PC but has a secure connection to the
    database (VPN?)


    >
    > > would we not be just as easy using PayPal ?
    >
    > then you wouldn't need to process credit cards
    >
    >
    --

    Remove NOT from email address to reply. AntiSpam in action.
    Dan Brussee Guest

  7. #7

    Default Re: SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION

    On Sun, 10 Aug 2003 17:39:17 GMT, Dan Brussee
    <dbrusseeNOTbetterwaycomputing.com> wrote:
    >In article <uIk3TQ2XDHA.2632TK2MSFTNGP09.phx.gbl>, [email]ngxtbdata.com[/email]
    >says...
    >> [email]sam1967hetnet.nl[/email] wrote:
    >> > On Sun, 10 Aug 2003 16:07:13 +0100, "William Tasso" <ngxtbdata.com>
    >> > wrote:
    >> >
    >> >> [email]sam1967hetnet.nl[/email] wrote:
    >> >>> I know how to build forms with ASP and process user input.
    >> >>> Now i want to take credit card payments via a form.
    >> >>> i will then download the details and process them via our credit
    >> >>> card machine.
    >> >>>
    >> >>> do i just create a regular ASP form and use a certificate on the
    >> >>> server to encrypt the data ? ie [url]https://server/getpaymentform.asp[/url]
    >> >>>
    >> >>> there is nothing special about the form is there ?
    >> >>> it is just the same as the form i have been using for user input.
    >> >>
    >> >> correct.
    >> >>
    >> >> think how the data is going to get to you. pgp mail is useful in
    >> >> these cirstances.
    >> >
    >> > we are a small not-for-profit organisation. we would like to take
    >> > donations online via credit card.
    >> > this would be easier using a form i think.
    >> > pgp mail would be the same process i assume.
    >> > donators donwload our public key frmo our web page and use it to
    >> > encrypt an email containing the credit card details.
    >> > correct ?
    >>
    >> the visitor makes the donation on secure web form and sends it to your
    >> server (SSL) using the submit button
    >>
    >> your script sends pgp mail from your server to you. means you do not have
    >> to store the card details on a public server - check with your host/admin
    >> that your server can support pgp mail.
    >
    >Not a bad idea. This would also answer the OP's question about keeping
    >the card info (not a good idea to keep card info - what use do you have
    >for it anyway!?)
    >
    >I would take a different path and store the data in a secure database in
    could you give me abit more info on what you mean by a secure database
    ? access with user security turned on ?
    >an SSL secured connection. Then use a password secured session to bring
    >up card info to run through your machine. As soon as the order is
    >processed, delete the card info. I know this puts the data on the server
    >temporarily, but with just email, you are hosed if the email fails to
    >get to you since no record is made anywhere.
    >
    sounds like a fair point.
    >You could even make the password part non-browser by making the app an
    >executuable that runs on your own PC but has a secure connection to the
    >database (VPN?)
    >
    i think that would be beyond my technical prowess.
    we normally use ftp to connect to upload our data.
    i assume downloading the details via ftp would be insecure.
    >
    >>
    >> > would we not be just as easy using PayPal ?
    >>
    >> then you wouldn't need to process credit cards
    >>
    >>
    sam1967@hetnet.nl Guest

  8. #8

    Default Re: SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION

    On Sun, 10 Aug 2003 18:31:07 +0100, "William Tasso" <ngxtbdata.com>
    wrote:
    >sam1967hetnet.nl wrote:
    >> On Sun, 10 Aug 2003 16:07:13 +0100, "William Tasso" <ngxtbdata.com>
    >> wrote:
    >>
    >>> [email]sam1967hetnet.nl[/email] wrote:
    >>>> I know how to build forms with ASP and process user input.
    >>>> Now i want to take credit card payments via a form.
    >>>> i will then download the details and process them via our credit
    >>>> card machine.
    >>>>
    >>>> do i just create a regular ASP form and use a certificate on the
    >>>> server to encrypt the data ? ie [url]https://server/getpaymentform.asp[/url]
    >>>>
    >>>> there is nothing special about the form is there ?
    >>>> it is just the same as the form i have been using for user input.
    >>>
    >>> correct.
    >>>
    >>> think how the data is going to get to you. pgp mail is useful in
    >>> these cirstances.
    >>
    >> we are a small not-for-profit organisation. we would like to take
    >> donations online via credit card.
    >> this would be easier using a form i think.
    >> pgp mail would be the same process i assume.
    >> donators donwload our public key frmo our web page and use it to
    >> encrypt an email containing the credit card details.
    >> correct ?
    >
    >the visitor makes the donation on secure web form and sends it to your
    >server (SSL) using the submit button
    >
    >your script sends pgp mail from your server to you. means you do not have
    >to store the card details on a public server - check with your host/admin
    >that your server can support pgp mail.
    >
    i will look into it but if what the other poster said is correct about
    no record being kept it might not be ideal.
    i suppose we could easily write a text file into a secure directory as
    well as sending the email ?
    >> would we not be just as easy using PayPal ?
    >
    >then you wouldn't need to process credit cards
    sam1967@hetnet.nl Guest

  9. #9

    Default Re: SSL - TAKING CREDIT CARD DETAILS - SIMPLE QUESTION

    [email]sam1967hetnet.nl[/email] wrote:
    > On Sun, 10 Aug 2003 18:31:07 +0100, "William Tasso" <ngxtbdata.com>
    > wrote:
    >
    >> [email]sam1967hetnet.nl[/email] wrote:
    >>> On Sun, 10 Aug 2003 16:07:13 +0100, "William Tasso" <ngxtbdata.com>
    >>> wrote:
    >>>
    >>>> [email]sam1967hetnet.nl[/email] wrote:
    >>>>> I know how to build forms with ASP and process user input.
    >>>>> Now i want to take credit card payments via a form.
    >>>>> i will then download the details and process them via our credit
    >>>>> card machine.
    >>>>>
    >>>>> do i just create a regular ASP form and use a certificate on the
    >>>>> server to encrypt the data ? ie [url]https://server/getpaymentform.asp[/url]
    >>>>>
    >>>>> there is nothing special about the form is there ?
    >>>>> it is just the same as the form i have been using for user input.
    >>>>
    >>>> correct.
    >>>>
    >>>> think how the data is going to get to you. pgp mail is useful in
    >>>> these cirstances.
    >>>
    >>> we are a small not-for-profit organisation. we would like to take
    >>> donations online via credit card.
    >>> this would be easier using a form i think.
    >>> pgp mail would be the same process i assume.
    >>> donators donwload our public key frmo our web page and use it to
    >>> encrypt an email containing the credit card details.
    >>> correct ?
    >>
    >> the visitor makes the donation on secure web form and sends it to
    >> your server (SSL) using the submit button
    >>
    >> your script sends pgp mail from your server to you. means you do
    >> not have to store the card details on a public server - check with
    >> your host/admin that your server can support pgp mail.
    >>
    > i will look into it but if what the other poster said is correct about
    > no record being kept it might not be ideal.
    > i suppose we could easily write a text file into a secure directory as
    > well as sending the email ?
    >
    a text file or a database - of course you can - as you are writing the
    script. I would say the issue isn't "is it possible" but "is it wise" - one
    for the risk assesment chappies I suspect.

    --
    William Tasso - [url]http://WilliamTasso.com[/url]


    William Tasso Guest

Similar Threads

  1. Credit card security question
    By Treefrog in forum PHP Development
    Replies: 7
    Last Post: October 5th, 11:07 PM
  2. Simple flash card question
    By Pena in forum Photography
    Replies: 1
    Last Post: July 11th, 11:22 AM
  3. [PHP] Credit card/Debit card validation
    By Matt Matijevich in forum PHP Development
    Replies: 1
    Last Post: July 9th, 10:04 PM
  4. Credit card/Debit card validation
    By Sparky Kopetzky in forum PHP Development
    Replies: 1
    Last Post: July 9th, 09:54 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139