The restaurant currently can only accept orders by phone or fax, and the owner is completely computer-illiterate, so a computer is out of the question. Our solution was to take the online order and have it faxed to him. Our original idea was to have the order sent to a 3rd party fax service, and pay the ~.10 cents per order, but we soon realized that we could set up a dedicated fax server at our office, and have all orders routed through it for free (free local/long distance calls).
So this has left us with an order, being securely encrypted from the customer's computer to our dedicated unix server, and then have it encrypted and securely transferred to our dedicated fax server at our office and sent to the pizzeria.
The complication arose when we started discussing how credit cards would be processed. We could have it securely done with an online processing gateway, but the problem with that is a) it is more expensive than what he pays processing cards at the restaurant and b) it creates a lot more complications because we will need to set up some way for him to track and receive compensation for each order. So that wasn't a good solution. The next was to just have the credit info sent with the order via fax. I think this is a perfectly viable solution, pending there is proper encryption from the customer's computer up to the point of fax. My reason for thinking this is because I don't think there is any more of a security risk for people to hack in and steal the cc info than there would be with a conventional online order, and once it is up to the point of fax and is sent to the restaurant, I don't believe there is any more of a risk here than with taking the information over the phone. A fax call is just a phone call with paper. However, my partner is unsure of this, and feels something isn't legit with this system. He believes that we need to somehow encrypt the cc number (into a barcode or something) before it is faxed, and then have something at the restaurant that can decipher it. I feel this is unnecessary, what do you think? Any input is greatly appreciated.
The bottom line here is the a) argument - the usual "oooh that's expensive" - it isn't expensive, it's just that everyone wants everything for nothing - even if it cost just $1 per month the restaurant owner (or any other client) will resent paying for it even though it could bring in much more business.
If you work out the actual cost difference between online and offline payments, it's probably just pennies.
So go with secure online payments - and once payment has been authorised, fax the order across to the restaurant - job done.
-Corey
Some things come with the territory and he must learn or hire someone. You might also be responsible and can be found guilty of gross negligence in security. Do not recommend this procedure to your client, as the client may pass the buck to you in court: "The tech guy told me to do so!". There are some common-sense security procedures you must follow when handling money. How would you feel if Walmart posted your credit card number on a big board, in the employee lounge?