Sending credit card information to server security concerns

My client wants to have credit card information fields on his forms for his
website visitors to be able to buy his services by credit card. The credit
card info - Brand, number and expiry date will be sent to the server and
stored in the database as the .asp page calls itself on Submit.

How secure is this? I've never had to worry about it before but is form
information encrypted before being sent to the server? Are there any legal
obligations for handling people's credit card information? The actual credit
card payments will be handled manually at the client's company. Thanks!
Jul 19 '05 #1
Are you familiar with SSL? Do you have an SSL certificate?

Ray at work

"Simon Wigzell" <si**********@shaw.ca> wrote in message
news:q08ub.416132$9l5.297316@pd7tw2no...
> My client wants to have credit card information fields on his forms for his
> website visitors to be able to buy his services by credit card. The credit
> card info - Brand, number and expiry date will be sent to the server and
> stored in the database as the .asp page calls itself on Submit.
>
> How secure is this? I've never had to worry about it before but is form
> information encrypted before being sent to the server? Are there any legal
> obligations for handling people's credit card information? The actual credit
> card payments will be handled manually at the client's company. Thanks!

Jul 19 '05 #2
"Simon Wigzell" <si**********@shaw.ca> wrote in message
news:q08ub.416132$9l5.297316@pd7tw2no...
> My client wants to have credit card information fields on his forms for his
> website visitors to be able to buy his services by credit card. The credit
> card info - Brand, number and expiry date will be sent to the server and
> stored in the database as the .asp page calls itself on Submit.
>
> How secure is this? I've never had to worry about it before but is form
> information encrypted before being sent to the server? Are there any legal
> obligations for handling people's credit card information? The actual credit
> card payments will be handled manually at the client's company. Thanks!


Information is not encrypted before being sent to the server unless you set
up SSL. Check out www.verisign.com and www.thawte.com for more information
on certificates and how to get one.

SSL is considered a secure method of encrypting traffic between client
browser and server providing it is implemented properly (more info at the
above sites).

Legal implications of storing this information depend on your country. In
the UK we have the Data Protection Act and I assume the US have an
equivalent - no doubt bigger and better :o)

From what you have said it seems you will need to secure not only the data
exchanges between customer and website but also client and website. It might
be worth looking at a merchant service which takes the customer temporarily
off your site to enter sensitive information, eg.
http://www.epdq.co.uk/epdq_frameset.htm (again UK) although it will
obviously cost you.

HTH

chopper
Jul 19 '05 #3

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl...
> Are you familiar with SSL? Do you have an SSL certificate?
>
> Ray at work
>
> "Simon Wigzell" <si**********@shaw.ca> wrote in message
> news:q08ub.416132$9l5.297316@pd7tw2no...
> > My client wants to have credit card information fields on his forms for his
> > website visitors to be able to buy his services by credit card. The credit
> > card info - Brand, number and expiry date will be sent to the server and
> > stored in the database as the .asp page calls itself on Submit.
> >
> > How secure is this? I've never had to worry about it before but is form
> > information encrypted before being sent to the server? Are there any legal
> > obligations for handling people's credit card information? The actual credit
> > card payments will be handled manually at the client's company. Thanks!


No, I'm not, and no, I haven't!
Jul 19 '05 #4
On Mon, 17 Nov 2003 17:59:50 GMT, "Simon Wigzell"
<si**********@shaw.ca> wrote:
> My client wants to have credit card information fields on his forms for his
> website visitors to be able to buy his services by credit card. The credit
> card info - Brand, number and expiry date will be sent to the server and
> stored in the database as the .asp page calls itself on Submit.
>
> How secure is this?

Not secure enough that I'd shop there.

> I've never had to worry about it before but is form
> information encrypted before being sent to the server?

Not unless you do it. Use SSL at least.

> Are there any legal
> obligations for handling people's credit card information?

You could easily be liable for stolen credit information, or worse,
chargebacks from your credit card company will kill you. Just one
loss of info and your customer base could vanish.

> The actual credit
> card payments will be handled manually at the client's company. Thanks!


Find and use a credit card processing service. Let them handle the
risk.

Jeff
Jul 19 '05 #5

"Simon Wigzell" <si**********@shaw.ca> wrote in message
news:rs8ub.414950$pl3.100103@pd7tw3no...
>
> "Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
> news:%2****************@TK2MSFTNGP12.phx.gbl...
> > Are you familiar with SSL? Do you have an SSL certificate?
>
> No, I'm not, and no, I haven't!


I suggest you learn about SSL prior to trying to handle credit card
processing on your own. You really should know about these things prior to
having people submit this kind of information over the Internet to your
site. I agree with Jeff, that you should outsource the CC processing to a
processor. And don't worry about the cost of that. You'll see that it's
not that much when you learn about the price of an SSL certificate. :]

Ray at work
Jul 19 '05 #6
"Simon Wigzell" <si**********@shaw.ca> wrote in message
news:q08ub.416132$9l5.297316@pd7tw2no...
> My client wants to have credit card information fields on his forms for his
> website visitors to be able to buy his services by credit card. The credit
> card info - Brand, number and expiry date will be sent to the server and
> stored in the database as the .asp page calls itself on Submit.
>
> How secure is this? I've never had to worry about it before but is form
> information encrypted before being sent to the server? Are there any legal
> obligations for handling people's credit card information? The actual credit
> card payments will be handled manually at the client's company. Thanks!


You will want to have a secure connection, which means using SSL (as others
have pointed out). Basically, instead of using HTTP to access your form,
you use HTTPS (you will need to have the SSL Certificate installed on the
server). Some ISPs will let you use their certificate for free, but the
only down side to this is that the client might get warning messages, and
the URL will probably be pointing to some other domain name, which can
affect consumer confidence.

That takes care of the secure connection, but it still leaves you vulnerable
in that you are storing the raw credit card data in your database. You
should encrypt the credit card number and store the encrypted version in
your database. This way, if someone is able to get into your database, the
credit card data is still secured (assuming they don't know how to get the
decryption key). I recommend checking out ASPEncrypt. They have some good
examples as well:

http://www.aspencrypt.com/
http://www.aspencrypt.com/task_creditcard.html

Hope this helps.
Regards,
Peter Foti
Jul 19 '05 #7
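
The advice in the last post, to store only an encrypted card number and keep the decryption key away from the database, sketched as an added example; it is not code from the thread or from ASPEncrypt. It uses Node.js's built-in `crypto` module (AES-256-GCM) instead of classic ASP, and the function names, row layout and key handling are assumptions.

```javascript
// Added example: encrypt a card number before it is written to the database.
const crypto = require('crypto');

// Assumption: the real 32-byte key is loaded from outside the database
// (environment, key store). A random key is used here only so the demo runs.
const DEMO_KEY = crypto.randomBytes(32);

// Returns the fields to store in the row. The raw number is never stored.
function sealCard(key, customerId, cardNumber) {
  const pan = cardNumber.replace(/[\s-]/g, '');
  if (!/^\d{12,19}$/.test(pan)) throw new Error('not a card number');
  const iv = crypto.randomBytes(12);               // fresh nonce per record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(customerId)));  // ties ciphertext to this row
  const ct = Buffer.concat([cipher.update(pan, 'utf8'), cipher.final()]);
  return {
    customerId,
    last4: pan.slice(-4),                          // enough for display/support
    blob: Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64'),
  };
}

// Recovers the number for the manual back-office step; throws if the blob
// was altered or copied from another customer's row.
function openCard(key, row) {
  const raw = Buffer.from(row.blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(String(row.customerId)));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// True when decryption is refused (wrong key, tampering, swapped row).
function isRejected(key, row) {
  try { openCard(key, row); return false; } catch (e) { return true; }
}

// Constructed sample: 4111 1111 1111 1111 is a well-known test number.
const row = sealCard(DEMO_KEY, 1001, '4111 1111 1111 1111');
console.log(row.last4, openCard(DEMO_KEY, row));
console.log('swapped row rejected:', isRejected(DEMO_KEY, { ...row, customerId: 1002 }));
console.log('wrong key rejected:', isRejected(crypto.randomBytes(32), row));
```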
