Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Online Form - Accepting Donations

Status
Not open for further replies.
ayersart

ayersart

Technical User
Dec 21, 2004
69
US
I have to set up an online donation form, similar to
You can select the donation amount, or enter in an amount of your own.

It also needs to select which fund it is going to, as well as the occurrence of the gift (one time or monthly).

I have a secure site, but understand the submitting CC#'s through email is unsecure. My client needs to collect the numbers and then enter them into a processor they already have.

What would be the best way to go about doing this?? Thanks in advance for any help!
 
Sort by date Sort by votes
Hi

Huh ? Credit card number is a personal information. It is handled only by the financial institute which performs the transaction. Nobody else should ever see it.

Feherke.
 
Upvote 0 Downvote
It is for a business who manually processes the credit card numbers.
 
Upvote 0 Downvote
It would probably be a good idea to use something like Paypal or some other pay service, so that your organization does not have that responsibility to deal with. With the amount of hacking and stealing that information going on, it's not something (I would think) that any business should deal with unless they absolutely have to.

--

"If to err is human, then I must be some kind of human!" -Me
 
Upvote 0 Downvote
I don't think that's a good way to do it or even whether the card companies/bank would be happy about it.

Simplest way to do this is to use a card processor like Paypal, WorldPay etc.

You may want to speak to the bank and see what online processing services they offer.

Storing card numbers is very, very risky. I believe there is even a move within card processing to no longer permit "card holder not present" transactions because they are open to so much abuse.

To protect your client even before the customer, I would look into a proper online card processing facility and never store any card data at all.

<honk>*:O)</honk>

Tyres: Mine's a pint of the black stuff.
Mike: You can't drink a pint of Bovril.
 
Upvote 0 Downvote
I stored the CC number and customer details for a client. We used https for the transaction, and stored the CC number across two fields in the database that were named "so as not to give an indication as to their nature". Hardly a perfect solution, but not as obvious as a field called "CCNum" populated with 16 digits [smile]

The CC number was presented using a back office function (again over https) to allow processing of the order... and a facility was put in place to (easily) blank out the CC number for when the transaction was completed. This gave the owners the ability to remove the CC number entirely.

Guess what? They never bother to blank out the CC number - and they were not happy having to shell out for https to protect the data.

Just another way.

Cheers,
Jeff

[tt]Jeff's Blog [!]@[/!] CodeRambler
[/tt]

Make sure your web page and css validates properly against the doctype you have chosen - before you attempt to debug a problem!

FAQ216-6094
 
Upvote 0 Downvote
CC numbers via e-mail? I'd never donate on that site.

I don't think there is any real good reason to do it this way. Use PayPal, 3rd party vendors, or let your bank handle the transaction. You need a secure connection for sensitive information like this.

BabyJeffy, i'm surprised that you did it this way. I had a client who wanted to store the entire CC num along with other data in their dB (they did use a 3rd party vendor to process the transaction but wanted to store the info for future visits). I would up hashing the CC number and all sensitive data before storing it in the dB.

_____________________________
Just Imagine.
 
Upvote 0 Downvote
Actually... as I recall... I did implement a very primitive hash before storing the CC number in two parts. I wouldn't take very long to figure it out if you had the code, but if you just got the database data it would be very unlikely you would even know it was CC number data.

Agreed on emailing CC numbers... very dodgy... yet I recently did an audit of an ecommerce store (turn over of about £10m a year) and that's exactly how they transfer the data from the server to their office admin staff *shiver*

Cheers,
Jeff

[tt]Jeff's Blog [!]@[/!] CodeRambler
[/tt]

Make sure your web page and css validates properly against the doctype you have chosen - before you attempt to debug a problem!

FAQ216-6094
 
Upvote 0 Downvote
So, how would you recommend it be handled? which processor? transferring a user to paypal to complete a payment seems very amateurish to me.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

nomaam22
  • Locked
  • Question
Monitor Form POST
Replies
3
Views
90
ingresman
ingresman
Beowulf005
  • Locked
  • Question
Form Mailer
Replies
2
Views
66
BillyRayPreachersSon
BillyRayPreachersSon
Foamcow
  • Locked
  • Helpful tip
Preventing mail form/comment form spam
Replies
5
Views
95
Foamcow
Foamcow
Beowulf005
  • Locked
  • Question
Reply to Form Post
Replies
4
Views
70
Beowulf005
Beowulf005
fauntleroy
  • Locked
  • Question
PHP form question - non-mandatory fields
Replies
1
Views
68
johnwm
johnwm

Part and Inventory Search

Sponsor

Back
Top