Here's a few payment processors.
Some of them are located in United States and others in United Kingdom.
Haven't tried all of them personally, but many professionals have
recommended them.
PayPal is still the best way to go because of its low cost.
VeriSign is probably the most secure of all but it's also one of the most
expensive.
Datacash has a very usefull test service for testing out your transactions.
You can perform test transactions using so-called "magic" credit card
munbers supplied by DataCash, which will accept or decline transactions
without performing any actual financial transactions. This is fantastic for
development purposes, because you don't want to use your own credit cards
for testing.
Hope they are of use
Gateway Services:
United States URL United Kingdom
URL
CyberCash http://www.cybercash.com/ Arcot
http://www.arcot.com
First Data http://www.firstdata.com/ WorldPay
http://www.worldpay.com/
Cardservice http://www.cardservice.com/ DataCash
http://www.datacash.com/
International
VeriSign http://www.verisign.com/ ICVerify
http://www.icverify.com/
Payflow Pro products/payflow/pro
CyberCash
----- Original Message -----
From: "I. Gray" <phpsupport@xxxxxxxxxxxxxxxxxxxx>
To: <php-db@xxxxxxxxxxxxx>; "Bastien Koert" <bastien_k@xxxxxxxxxxx>
Sent: Tuesday, June 14, 2005 9:36 AM
Subject: Re: Security and MYSQL databases
Thanks,
I kind of suspected this, but it's good to be told. I wouldn't want to
like to think my CC details were held on some database somewhere where it
can get hacked into. Apart from paypal are there any other 3rd party
payment processors that anyone recommends? I think we're perhaps going a
little off topic here, so sorry.
Bastien Koert wrote:
You should never [almost never ever] store cc details from your users.
Integrate a 3rd party payment processor into your site and process the
payments immediately. It will cut down on fraud and chargebacks by the
users. Its also more secure since the cc details are not stored on your
machine. What you get back is a payment confirmation number which you can
store in your systemto reord that payment was approved...and if you don't
get one, you know immediately its been disallowed so you can stop the
process at that point.
The issues against it are:
1. its not completely secure. You don't have direct control of the server
and therefore can't assure yourself that the system is locked down tight
and kept updated.
2. Your db may not be secure enough
3. Your code may allow for holes that allow hackers to gain access to the
data.
4. The liability for your business, should your data become compromised.
Don't say it can't happen. Ask Playboy.com. Hackers access 8million
accounts and had all the details.
If you can't use a 3rd party processor, then you still shouldn't store
the data on the server, but send an encrypted email (using pgp) to
yourself with the account / order details for processing. But I strongly
recommend using a 3rd party processor.
Bastien
From: "I. Gray" <phpsupport@xxxxxxxxxxxxxxxxxxxx>
To: php-db@xxxxxxxxxxxxx
Subject: Security and MYSQL databases
Date: Tue, 14 Jun 2005 14:36:50 +0100
Hello.
Simple question. An SSL server and a standard a shared MYSQL server that
I have with my hosts. If I am to set up a shopping cart system, is this
a secure way of handling credit card details. What is the best way of
receiving the details? I assume an email is not a good way as these can
be intercepted. Is MYSQL secure enough in this way?
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
