
Forum Moderators: buckworks


E-commerce Security: SSL

Novice Needs Familiarity With SSL and more

     
9:54 pm on Sep 21, 2007 (gmt 0)

New User

5+ Year Member

joined:Sept 1, 2007
posts:12
votes: 0


Hi All,

I am creating a web site that will accept payment via credit cards and I have no idea the kind of security that will be required to make this as safe as it can possibly be.

I need to know what to do in this regard.

I am also creating a backend database for registering and to login members/users.

I have been reading up on SSL which I think I could use to secure all data between my MySQL database and my web clients.

Will I need to get in touch with a CA for this?

If anyone can direct me to a good web resource or article, or maybe even an e-book that deals with this kind of stuff, I would be grateful.

Thanks in advance for your time.

All suggestions welcomed.

6:56 pm on Sept 30, 2007 (gmt 0)

New User

10+ Year Member

joined:June 16, 2004
posts:21
votes: 0


Locus,

If you are planning to become a service provider that handles Credit Card data, then you really want to read up on the Payment Card Industry Data Security Standards (PCI DSS).

Basically, there are a whole bunch of security requirements that you need to comply with or face losing your merchant customer's card processing rights and possibly exposing yourself to legal action and/or fines.

Decent overview on Wikipedia:
[en.wikipedia.org...]

Official home of the standards organization:
[pcisecuritystandards.org...]

8:01 am on Oct 2, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


PCI Compliance Guide [pcicomplianceguide.org]

If, however, you plan on using a secure gateway to process credit cards, and not store credit card information on your server, PCI compliance is not your issue; it is the gateway provider's responsibility.

What you will need is an SSL cert installed on your server so you can connect to the gateway; they will refuse connections from non-secure locations.