Safely getting Credit cards from clients

nigelt74

5:30 am on Oct 31, 2005 (gmt 0)

Scenario is:

Customer Bob has a small business and wants to accept online payments by credit card. The bank has stated that they can't use a payment gateway as they are new clients.

PayPal is already an option, BUT PayPal has a really bad reputation here and Bob's customers have made it very clear that they just don't like it and would avoid using it for credit card transactions.

So Bob needs to collect credit card info for offline processing.

This is what I have set up:

A page on a secure server collects the CC number and expiry date. It then splits the number in 2, emails half of it to Bob (unencrypted) and stores the other half in a MySQL database (unencrypted); this data is viewable via a password-protected page.

Is this enough?

We always use a payment gateway, but as the bank has put the kibosh on that, will this be enough?

Bob is not massively computer literate, so I don't want to do anything too technical from his end,

and I am not that knowledgeable about encryption, as all of that was handled by the payment gateway; my limit for encryption is encrypting passwords.

Is encryption really necessary?

The bank has told Bob that he will be allowed to use a payment gateway after 3 months of business.

FalseDawn

7:02 am on Oct 31, 2005 (gmt 0)

There are loads of providers who'll provide new businesses with merchant accounts and gateways. Mainstream banks don't generally cater to the needs of online businesses.
Honestly, splitting CC numbers and sending half over an insecure medium (E-mail) and storing the other half is only a small step above storing the entire thing unencrypted.
If you are going to do the job, do it properly and get a secure gateway and real-time processing.

nigelt74

8:14 pm on Oct 31, 2005 (gmt 0)

Sorry, should have said I am based in New Zealand, and we only tend to have mainstream banks here. The few non-mainstream companies that do this type of thing charge exorbitant fees, and also the client wants to stay with their bank as they have a good relationship with the bank and there is a local branch.

Yes, I want them to use a payment gateway too, but that is not an option at this point.

They can't get it till they have been processing credit cards for at least 3 months, so the bank can see their volume or whatever.

It's really frustrating because normally I have to cajole clients into using a payment gateway, as most think emailing or faxing are secure options, and these clients actually knew what they wanted.

Cheers

RailMan

9:34 pm on Oct 31, 2005 (gmt 0)

No, your security methods are not enough.

Companies like WorldPay and 2Checkout can provide real-time processing for small businesses in New Zealand - both are fairly easy to integrate with - even easier if you use a shopping cart that works with them.

nigelt74

12:39 am on Nov 1, 2005 (gmt 0)

Thanks

But the problem is they need to do offline processing for the next 3 months, and I need to make it secure.

Their customers have very emphatically said No to PayPal and want to deal with someone they know and trust (yes, I know giving a company your credit card number for a purchase is taking a risk), but from the feedback they have received it seems most people are happy to hand over their credit card to the company they are dealing with, but are sceptical about going through an intermediary like PayPal, or other lesser-known ones.

So how do I make my current system more secure? I notice that Zen Cart uses a similar system to mine, and it does seem to be being used by a number of small businesses over here, so am I worrying a bit too much? Will it be fine for the next 3 months?

mikeb555

2:21 am on Nov 1, 2005 (gmt 0)

Why don't you just use public key encryption?

Here is how I might do it. First I would encrypt the transaction information on the server using the public key and base64-encode it so that you could store it as text. Then I would store it in the database (for backup) and also email the order to the client. Next, build a small application that runs on the client's machine and that allows the client to copy/paste the order information into it and uses the private key to decrypt the order information.

This way you don't have to worry about storing the information on the server at all. It is not decryptable using what is on the server. You do, however, need to make sure that the machine running the decryption program is secure.

mike
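One way to build what mikeb555 describes, as an added example and not code from the thread: the web server seals the card fields to Bob's RSA public key with OAEP and base64-encodes the blob for the MySQL column and the e-mail, and a small program on Bob's machine holding the private key opens it. The 2048-bit key size, the OAEP label, the function names and the placeholder card value are all assumptions; the example also checks the OAEP size limit and shows that a tampered blob or the wrong key produces an error rather than garbage.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

var label = []byte("card-order-v1") // OAEP label (assumed); a blob refuses to open under any other label

// newMerchantKey makes Bob's key pair (2048-bit RSA assumed). The public half is
// deployed on the web server; the private half lives only on Bob's own machine.
func newMerchantKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// maxOrderLen is the most RSA-OAEP/SHA-256 can carry under pub: modulus size minus
// 2*hash+2, i.e. 190 bytes for 2048-bit keys: room for card fields, not a basket.
func maxOrderLen(pub *rsa.PublicKey) int { return pub.Size() - 2*sha256.Size - 2 }

// sealOrder runs on the web server: encrypt the sensitive fields to the public key
// and base64 them for a MySQL text column or an e-mail body. Nothing on the server
// can reverse this, which is the point of the scheme.
func sealOrder(pub *rsa.PublicKey, order []byte) (string, error) {
	if len(order) > maxOrderLen(pub) {
		return "", fmt.Errorf("order is %d bytes, limit is %d", len(order), maxOrderLen(pub))
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, order, label)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(ct), nil
}

// openOrder runs on Bob's machine, the only place the private key exists. A blob
// altered in the DB or mail, or sealed to another key, returns an error, not garbage.
func openOrder(priv *rsa.PrivateKey, sealed string) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(sealed)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, label)
}

func main() {
	priv, _ := newMerchantKey() // constructed demo; errors ignored for brevity
	sealed, _ := sealOrder(&priv.PublicKey, []byte("order=17 card=PLACEHOLDER exp=PLACEHOLDER"))
	plain, _ := openOrder(priv, sealed)
	fmt.Println(string(plain))
}
```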

RailMan

7:53 am on Nov 1, 2005 (gmt 0)

>>yes, I know giving a company your credit card number
>>for a purchase is taking a risk

So is getting out of bed in the morning - do you know how many people are injured and killed each year just getting out of bed?

But that's going off-topic - ecommerce is booming - people are willing to pay online by credit card, so set your client up with real-time processing...

kindafun

8:22 am on Nov 1, 2005 (gmt 0)

You could buy a cart/store solution (like X-Cart, which is PHP/MySQL based, for $200). Use SSL and just store the card info. The software I mentioned allows you to look at orders, and you could then just process them manually.