I am creating a web site that will accept payment via credit cards and I have no idea the kind of security that will be required to make this as safe as it can possibly be.
I need to know what to do in this regard.
I am also creating a backend database for registering and to log in members/users.
I have been reading up on SSL, which I think I could use to secure all data between my MySQL database and my web clients.
Will I need to get in touch with a CA for this?
If anyone can direct me to a good web resource or article, or maybe even an e-book that deals with this kind of stuff, I would be grateful.
Thanks in advance for your time.
All suggestions welcomed.
If you are planning to become a service provider that handles Credit Card data, then you really want to read up on the Payment Card Industry Data Security Standards (PCI DSS).
Basically, there are a whole bunch of security requirements that you need to comply with or face losing your merchant customer's card processing rights and possibly exposing yourself to legal action and/or fines.
Decent overview on Wikipedia:
Official home of the standards organization:
If, however, you plan on using a secure gateway to process credit cards, and not store credit card information on your server, PCI compliance is not your issue; it is the gateway provider's responsibility.
What you will need is an SSL cert installed on your server so you can connect to the gateway; they will refuse connections from non-secure locations.