> > I have a paypal account setup and am going to upgrade to the virtual > terminal, however the client would like to collect the credit > card details > as security (he is a hotelier) > > Is it possible to securely send these details via the > internet or should I > suggest he just gets them to phone them through? > You need to use an encrypted link, like SSL. But there are almost certainly safer ways to accomplish your goals than handling credit cards yourself. The fact that you ask this question suggests that you and your client might have not thoroughly thought through the implications. Generally, it is a really, really BAD idea to store credit card information (on systems, on paper slips, on post-it notes). One little oversight, one little compromise, and all of a sudden you have potentially 1000s of YOUR CUSTOMER'S credit cards leaked into who knows who's hands. Assuming you're lucky enough to know that it has happened at all, you will then be faced with cleaning the whole mess up. Irrepairable damage will have been done to your, and your client's reputations. The legal ramifications are staggering. Make sure you get a signed release from liability from your client so he can't come after you if he gets sued. If you consider the implications and decide to go forward anyway, I suggest you read a LOT about internet security. http://phpsec.org/library/ is a great place to start with regards to the PHP aspects of this. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
