I'm in a bit of a quandary and was hoping for some advice.
I'm based in the UK and have a meeting this week with a merchants who wants an ecommerce site building.
I discussed their requirements very briefly over the phone prior to making the appointment to scope the project out properly.
When I asked about payment methods, merchant account with the bank etc, this prospective customer was adamant that they did not want to use any online payment system but wanted the credit card details emailed to them from the checkout.
I pointed out that this really wasn't a secure method and that they would be liable for loss of any credit card data - but that didn't bother them and they were happy to take the risk as all their pc's etc are password protected.
I supply the hosting with all of the sites I build, and this covers email etc.
What I'm worried about is - am I liable in any way? I'm a reseller for hosting, I have no idea who may and who may not be able to access their email accounts etc.
Professionally speaking - I don't think they should accept people's data in this way. I certainly wouldn't want my credit card data sitting in logs on mailservers, people's pc's etc.
But, is it up to me to tell them what to do. Obviously I'd ike to take the work but....
Anyone been in a similar situation? If so, what did you do? Am I better of leaving alone or should I just shut up and do the job?