wisdom for secure email form

wholein1

Hello,

I need to get some help with a contact form sent through email (without using a database). It will be a contact form for a resturant menu. I would like to have the customer to be able send their credit card informaiton. My concern is to make sure that it is a secure enviroment. THe info will come into to outlook or outlook express then they will manually enter the credit card information.
Please help me understand the best way to handle this.

thank you

jeff

EPJS

Well the best way to send sensitive data (such as credit card numbers) securely online is to use SSL (Secure Socket Layer).

I found this definition by using google

Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.

Letting your customers know that you have SSL protection gives your site credibility and may encourage customers to deal with you in confidence.

http://www.vidoni.com.au/html/glossary.html

Azala

Is that even legal?

I thought CC info was a direct communication with a serious provider through an API provided by them through your site?

I wouldn't wanna shop anywhere where my CC info was received in someones Inbox in Outlook, seriously.

Could you trust that employee not to abuse that info? I think not.

wholein1

thank you for your response

I am new to this side of website building. I ussally stay on the safe side to to the lack of knowledge of PHP coding. SO I purchase the SSL certificate and apply it to the site. Then how does that secure the information.

Does it secure the emails that come from the contact form to the rest. owner?

Thank you

Jeff

wholein1

Well that would be something to consider as fars as the legality of the information. But as far as the employee seeing thinformation woudl be no difernt than if you had them swipe the information or it was called in...... I would think.

Jeff

Azala

Sorry I didn't mean to come off as harsh or anything.

My advice to you though is to come up with a solution where your client has no control over the transaction that occurs when the user pays.

leatherback

There are plenty of CC processing organisations on the web. Use them. Build the bill, and store the order in your order book, and transfer them to the creditcard processing organisation for payment, I'd say..

wholein1

the problem is that they do not want to apy for the time involved in setting up, neither does it make sense for them to set this up with a thrid party when they are a new up star business. We where trying to get around all the cost that is involved in setting up a system.

Thanks for all your help. After spending time inresearch I am going to propose to them that they can get the order but they will have to respond by cash payment or credit card by phone

Thanks
Jeff