Ecommerce Forum

    
E-commerce Security: SSL
Novice Needs Familiarity With SSL and more
locus123

5+ Year Member



 
Msg#: 3457601 posted 9:54 pm on Sep 21, 2007 (gmt 0)

Hi All,

I am creating a web site that will accept payment via credit cards, and I have no idea what kind of security will be required to make this as safe as it can possibly be.

I need to know what to do in this regard.

I am also creating a backend database for registering and logging in members/users.

I have been reading up on SSL, which I think I could use to secure all data between my MySQL database and my web clients.

Will I need to get in touch with a CA for this?

If anyone can direct me to a good web resource or article, or maybe even an e-book that deals with this kind of stuff, I would be grateful.

Thanks in advance for your time.

All suggestions welcomed.

 

DigitalSorceress

10+ Year Member



 
Msg#: 3457601 posted 6:56 pm on Sep 30, 2007 (gmt 0)

Locus,

If you are planning to become a service provider that handles Credit Card data, then you really want to read up on the Payment Card Industry Data Security Standards (PCI DSS).

Basically, there are a whole bunch of security requirements that you need to comply with or face losing your merchant customer's card processing rights and possibly exposing yourself to legal action and/or fines.

Decent overview on Wikipedia:
[en.wikipedia.org...]

Official home of the standards organization:
https://www.pcisecuritystandards.org/

rocknbil

WebmasterWorld Senior Member, WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 3457601 posted 8:01 am on Oct 2, 2007 (gmt 0)

PCI Compliance Guide [pcicomplianceguide.org]

If, however, you plan on using a secure gateway to process credit cards, and not store credit card information on your server, PCI compliance is not your issue; it is the gateway provider's responsibility.

What you will need is an SSL cert installed on your server so you can connect to the gateway; they will refuse connections from non-secure locations.

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved