

Secure Credit Card Transactions using Coldfusion

Posted on 2005-04-04
Medium Priority
Last Modified: 2013-12-24
I have a form that I am submitting through email that requests credit card numbers, which I want sent via email to the company.  What, from your experience, is the simplest way to do this and still ensure a reasonably high sense of security for the customer?  I posted this under ColdFusion because that's what I'm using, so if I have to use https, is it possible for someone to show me how?  Details are appreciated.
Question by:Eduski

Accepted Solution

mmc98dl1 earned 300 total points
ID: 13704299
There are a lot of things to think about when it comes to credit card numbers and security. My preferred solution is to integrate with a company like www.worldpay.com or www.secpay.com and let them do all the processing and handling of that sensitive data.  It takes away the headache.

If you are using email, there is virtually zero in the way of security. If you have no choice, then make sure the email is sent only between servers on your company network; don't send that info across the internet or any public servers, as it isn't encrypted or anything.

For the form and processing pages that collect the info you should use https - I recommend getting your certificate from www.thawte.com - cheaper than VeriSign, but does the same job.

If you are hosting this site with a hosting company they should be able to help you set up the https.  To get good instructions on how to install a certificate let us know about your system, webserver etc.

Again, I must press on you that email is NOT the way to transfer credit card details.

Expert Comment

ID: 13705497
For email you can only use PGP to make it secure.
And yes, email certainly is not the way to go...

Assisted Solution

mrichmon earned 200 total points
ID: 13708715
>> sent via email to the company

There is no way that it will be secure nor that the customer will feel even remotely secure if you send via email.

In fact you or the company can get sued if you send the information via email and it gets used for fraudulent purposes since you did not take any measures to ensure the security of the data.

I believe the law says something like "good faith effort", which means that you did your best and took reasonable measures to secure the data.  Email does not meet this standard.

Https is a good way to go.  Also the data should be encrypted in the database that you store it in.

If your company is accepting Visa or Mastercard then realize a few things:

1) They publish a security guide which you must follow.
2) If you do not, they can suspend your company from accepting Visa and Mastercard branded credit cards.  This is not limited to online sales.  If you are suspended it means all sales - so if your company also has a physical store and you get caught in violation of the policies, you could have your whole company - online and physical - prevented from using those credit cards.

Here is a link to the Visa guide:

Visa USA has instituted the Cardholder Information Security Program (CISP). Mandated since June 2001, the program is intended to protect Visa cardholder data—wherever it resides—ensuring that members, merchants, and service providers maintain the highest information security standard.
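
The answers above recommend HTTPS for the form and processing pages, encryption of the card data in the database, and keeping card numbers out of email. A ColdFusion processing page that does those three things could look like the following. This is an added example, not code from any poster in this thread; the page names, form fields, table, datasource and `application.*` variables are all assumptions.

```cfm
<!--- process_payment.cfm (hypothetical name). The form page that posts here
      must itself be served over https and use an https:// action URL;
      otherwise the card number has already crossed the network in clear
      text before this check runs. --->
<cfif NOT (cgi.server_port_secure EQ 1 OR cgi.https EQ "on")>
    <!--- Do not process card data on a plain-HTTP request. --->
    <cflocation url="https://#cgi.server_name#/payment_form.cfm" addtoken="no">
</cfif>

<cfparam name="form.orderId" type="integer">
<cfparam name="form.cardNumber" default="">

<!--- Strip spaces and dashes, then validate the number's format and check digit. --->
<cfset cardNumber = REReplace(form.cardNumber, "[^0-9]", "", "all")>
<cfif NOT isValid("creditcard", cardNumber)>
    <cfoutput>The card number entered is not valid.</cfoutput>
    <cfabort>
</cfif>

<!--- Assumption: application.cardKey was created once with
      GenerateSecretKey("AES") and is loaded at application start from a
      file outside the web root, never stored beside the data it protects. --->
<cfset encryptedCard = Encrypt(cardNumber, application.cardKey, "AES/CBC/PKCS5Padding", "Base64")>

<!--- Store only the ciphertext; bind every value as a parameter. --->
<cfquery datasource="#application.dsn#">
    INSERT INTO order_payments (order_id, card_enc)
    VALUES (
        <cfqueryparam value="#form.orderId#" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#encryptedCard#" cfsqltype="cf_sql_varchar">
    )
</cfquery>

<!--- The company is notified by email, but the message carries no card data. --->
<cfmail to="#application.ordersEmail#" from="#application.siteEmail#"
        subject="New order #form.orderId#">
Order #form.orderId# has been placed. Log in to the https admin area to view the payment details.
</cfmail>

<cfoutput>Thank you. Your order has been received.</cfoutput>
```

Staff would then read the card details through an HTTPS-only admin page that calls `Decrypt()` with the same key and algorithm, rather than from their inbox.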
