NOt sure if this is strictly an asp question but here we go-

I am looking at the possibility of sending credit card details from an ASP ecommerce site by secure email. Could I have some feedback:-

What are the pros/cons of this

Any dos and donts

How do I do it!

Cheers

Monkey

Dont.

I can't think of any reason why you would like to email creditcard details. I would never trust a site that stores my creditcard-details without hashing them and i can't imagen any use for emailing hashed creditcarddetails.
Would you trust a site if you knew they mailed your details to someone else? Even if you encode the messages, if they hack into the other persons email-account ...


Anyway, then only secure way of sending them would be encoding them using a private key that you have exchanged with the receiving party over another medium (post or hand it over or whatever).

Who would you recomend I use to process online cc transactions? I have heard bad things about Paypal and World Pay - and nothing seems easy!!!

I am new to online tranactions. the reasons I thought of emails are the client can use his existing PDQ machine, he can process the CC when th eproduct is ready (they are custom made products which can take some time) and he will find out very quickly if the CC transaction is fraudulent (I have heard people say that World Pay has taken over a month to inform of problems)

Is there a site that explains how to set up online transactions?


Cheers for your input

monkey

You mentioned "Who would you recommend I use to process online cc transactions? I have heard bad things about Paypal and World Pay - and nothing seems easy!!!". To answer this you need to make a decision: use a third party processor because they are cheap or get a real merchant account because you need convenience and flexibility.

Of the third party processors, yes you hear bad things about Paypal and World Pay and I personally can't stand third party processors but the fact is that PP is the biggest and WP is in the top 3 so if this is the route you choose, one of these two would probably be your best choice.

Getting a real merchant account will cost you a bit more up front, and if your monthly volume is low, may cost you more in monthly fees, but it is a more flexible and I think, more professional looking. If you decide on this route, there are several gateways out there. Shop around and find the one that best suites your needs...

Shift4Sms

I'm confused!:confused:

What is a 'real merchant account?'
I thought the only way to do online transactions was through something like Worldpay? Where can I get one (i have looked at your site, but I am in The UK)
Cheers

Monkey

A "real merchant account" is one held by, for instance, Amazon. They don't open up a Worldpay window, they have their own bespoke system that does exactly the same thing as when you hand your card over at the checkout in Tesco. I don't know much about these systems, but if you think your business need is large enough to warrant it, then I guess a good place to start finding out would be to start ringing the high street banks and credit card companies; it all goes through their systems eventually. Essentially, that's all Worldpay (and the others) is; a ready-built portal through which you talk to these systems.

I've used paypal quite a bit and havent' had any problems. And when I ran my lan party business we used them to sell admission tickets, it was easy and reliable.

I'm sure there are people that have had a bad experience but it is the chance you have to deal with.

Originally posted by Boxhead
What is a 'real merchant account?' Basically, every bankcard transaction must go through a real merchant account.

With third party processor solutions like Paypal and WorldPay, the merchant account is their account and not yours. When a customer gets his bank statement he will see "Paypal" or "WorldPay" and not "Boxhead Gizmos". Also, with most third party solutions (if not all), you must send your customer to the third party site to process the payment, which can be good and bad. Up front costs for TPP solutions is usually low or non-existent and most do not have any fixed monthly fees but the per transaction fee is generally high.

With "real" merchant account solutions, you (as a site owner) usually have full control over what the user sees and never have to direct them to another third party site and your name will appear on the customers bank statement. Up front costs are usually higher with this solution and there are usually fixed monthly costs but your per transaction cost is usually lower.

The costs of the two types of solutions differ quite a bit and to make things worse, the costs of different "real" merchant account providers can differ greatly (I've seen some being higher than TPP's). Shop around and place all the cost in a spreadsheet and plug in your actual or predicted volume numbers. A rule of thumb cost wise is over $1000 per month in dollar volume (customer purchases), go with a RMA solution; under $1000, go with a TPP. There are other factors but I find most people dwell on solution cost.

Lastly, gateways (like our solution) are just that, a gateway. You need a merchant account. Some merchant account provider's bundle in gateway services, many do not. So make sure you include gateway fees (if any) in your comparison spreadsheet. I can refer you to a merchant account provider that deals in the UK but I'll be perfectly honest, their customer support is horrid so I would rather not publicly reference their name -- when everything works everything is great, any problems and it can take weeks to resolve. PM me if you still want the info after reading this "rave" review...