SSL / encryption of information
Posted on 2006-05-26
I am developing an e-commerce site for a client. The client accepts credit cards but for accounting purposes does NOT want to process the credit card through a payment gateway. Instead, when a website visitor makes a purchase, the credit card number should be entered into a form on the site and the purchase information emailed to the Orders Processing tech.
NO NEED TO ARGUE: I'VE MENTIONED THIS PARTIALLY ON THIS FORUM AND I HAVE TALKED WITH THEM AT LENGTH ABOUT POTENTIAL RISKS.
The site will be hosted with a major hosting company that provides e-commerce hosting (ColdFusion / IIS platform).
Will having an SSL Certificate give me the ability to encrypt credit card information to the server and through the email to the Orders Processing tech? I am using an add on shopping cart, Cartweaver, but again, no payment gateway, no merchant. It is being processed over the phone.
Is it feasible or likely that the host would encrpyt anything coming to the client?
Since I'm still hoping to talk them out of this method, I'm gathering what I can from reputable online sources about this type of transaction, such as an article from Better Business Bureau. Can't find alot. Any links also appreciated.