We would like to take the customers card details and key them into our machine, saving on the need for Worldpay or Auth.net.

Could be a violation of the agreement with the merchant account provider.

1. our shopping cart will direct people to the 'Billing Page', and will hopefully bring up the security box.

What security box are your referring to?

2. They will then be taken to [ourdomain.com...] where they can input these details and they will be kept somehwere (i'm not sure where though, a database?)

That's up to you but most folks store this info (when they go this route) in a secured database.

But how exactly does it work, do I just buy an SSl certifiacte, and install it in the folder where by billing page is?

You buy an SSL Cert for the domain. The Cert is applied to your domain (www.yourdn.com or yourdn.com) through an admin interface on the webserver. Once it is applied you can invoke a secure connection simply by using https rather than http.

Also what is the best shopping cart to use? Oscommerce is the favourite so far, but does this easily support SSL?

Ooog. We get this question a lot. The answer is - it depends. osCommerce is a good cart. Not great and not simple. There are many other options out there as well. osCommerce will support SSL just fine. It's a simple edit to two lines of code within the config files for the public and admin areas.

1. our shopping cart will direct people to the 'Billing Page', and will hopefully bring up the security box.
2. They will then be taken to [ourdomain.com...] where they can input these details and they will be kept somehwere (i'm not sure where though, a database?)
3. We can then retrieve them, and key in the numbers and away we go.

But how exactly does it work, do I just buy an SSl certifiacte, and install it in the folder where by billing page is?

Also what is the best shopping cart to use? Oscommerce is the favourite so far, but does this easily support SSL?

I am also confused by this security box. Or are you wanting a pop-up saying your page is secure?

If you are using an electronic payment gateway (LinkPoint, authorizenet.com Verisign, etc) no reason to store the CC numbers. The gateways will do recurring billing as well if you need them to.

Are you using an electronic gateway - I mean, you did state authorizenet.com - so no need to key etc.

Your webhosting company might need to be involved to get an SSL. For example, on IIS, you generate a CSR & then upload this to the SSL provider.

Shopping cart? What do you want it to do - affiliates, hooked into UPS / USPS, taxes, shipping, language?

-Corey

Hi Lorax,

Thanks for the tips. Sorry I wasn't to clear, I was in a bit of a rush typing the post.

The little security box I was describing was the one that comes up in Internet explorer entitled 'Security Alert', and says you are abot to view pages over a secure connection. It comes up anytime you go to an https address.

I think I might understand then. So I install the certificate on my domain, and then it is ready to go?

Now lets say that the customer has just entered there delivery details, and the next page is the payment page, and I need it to be a secure address. Rather than tell the 'next' button in the cart to go to [mydomainname.com...] I tell it to go to [mydomainname.com...] and this sets up a secure connection?

One last thing then. As I mentioned, I already own a site using worldpay (which is why I am not clued up on it all very much), and I just triedputting in that url with a [,...] and it says 'Security Alert' and then goes on to say the certificate is invalid (obviously, as there is no certificate installed). If there was a certificate installed, it wouldn't say this. Is that right? Also, I then seemed to be directed to another website that I don't own, although my url was in the top (albeit with [)....]

Why on earth was this? It seems strange to me that it would do this.

One other thing I've just thought of.

Would I just be better off using Mals ecommerce? I've heard a lot of good things about it (mainly from Essex_Boy!). It seems easy enough, and we then get the cc numbers to key into the pdq machine. The only problem is that it takes you away form the site, and that it can't be database driven.

That security box will only show up on a client's browser if they have that setting to.

And yes - just set it up to go to [example.com...] & that will be great

If you are not in the United States, Mals-E is good for UK merchants. I do recommend them for UK merchants.

As far as the security alert - it would not state that if you had an SSL installed.

-Corey

thanks corey.

I am seriously considering Mals ecommerce, as it seems to be the easiest option. I have come across sites that use it, and it seems great.

I would rather an SSL certificate on our server though, as it will always keep visitors on our site.

But We will see about that. Maybe I will trial it with mals e-commerce, and if all goes well, look at our own ssl certifiacte.

Good day.

thanks corey.

I am seriously considering Mals ecommerce, as it seems to be the easiest option. I have come across sites that use it, and it seems great.

I would rather an SSL certificate on our server though, as it will always keep visitors on our site.

But We will see about that. Maybe I will trial it with mals e-commerce, and if all goes well, look at our own ssl certifiacte.

Good day.