10-11-2004, 11:34 PM
I am currently building a site that has two forms. The first is a contact form uses a very simple php script that emails the results of the form to my client. The second form, which I have yet to build, will have contact information fields, but will also contain a field for a credit card number. My question is if I build the second form using the same simple PHP script, is that secure enough to send credit card information through, or can people hack into it somehow?
Thanks for your help!
10-11-2004, 11:58 PM
First thing, whenever you have anything to do with credit cards, don't EVER send the details by email. Using php alone won't make it secure, you will also need to use SSL.
If you're going to be dealing with credit cards, my best advise is to use a merchant provider. That way, if anything goes wrong you're not to blame and don't get sued for holding bank details insecurely. Merchant providers have the top security in place for cards
10-18-2004, 05:52 PM
...My question is if I build the second form using the same simple PHP script, is that secure enough to send credit card information through, or can people hack into it somehow?
Nightfire already answered your question but I'll give you the short answer -- No.
The only correction I would make is that Merchant Service Providers (MSP) provide merchant accounts for processing the credit cards. Gateway providers provide the secure link between your site and the merchant account that the MSP is providing...