Forum Moderators: phranque


Posting credit card information through email

         

korkus2000

1:39 am on Jun 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I have been underbid on a proposal for an ecommerce site. The business is really funky. They are not going to sell widgets but rent them. They only have a certain number of widgets on hand and are usually rented out on the weekends.

Every order must be verified in stock before a charge can be made. The company wants a way for customers to rent online but their budget is very minimal.

The company that underbid me is pretty shady. They want to set up an email form to submit the order and credit card info. They stated on their proposal that the company would be charged $200 dollars for an ssl certificate. I don't understand security very well but I thought you needed digital keys for encrypted email. I thought the server needed the certificate. How would you post an encrypted email from a server to a remote client? What would you need?

I was going the https certificate route with email notification of the transaction, and have the person who got the email securely login to the site and authorize the order. Then charge the card. Would there be an easier way?
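A sketch of the notification step in the flow described in the post above, where the card travels over HTTPS only and the email carries an order reference and a login link. This is an added example, not code from the thread: the function names, addresses and URL are hypothetical, and the card number is the standard constructed test value. It refuses to send if a full card number reaches the message, for instance through a free-text field.

```python
import re
from email.message import EmailMessage

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

class CardDataInEmail(ValueError):
    """Raised when an outgoing message would carry a full card number."""

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(text: str) -> list:
    """Return digit strings in text that look like card numbers and pass Luhn."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def mask(pan: str) -> str:
    """Keep only the last four digits for display."""
    return "*" * (len(pan) - 4) + pan[-4:]

def build_notification(order_id, card_number, customer_note, review_url):
    """Staff notification: order reference and login link, never the card."""
    msg = EmailMessage()
    msg["From"] = "orders@shop.example"   # constructed address
    msg["To"] = "staff@shop.example"      # constructed address
    msg["Subject"] = f"Rental order {order_id} needs a stock check"
    msg.set_content(
        f"Order: {order_id}\n"
        f"Card: {mask(card_number)}\n"
        f"Customer note: {customer_note}\n"
        f"Log in over HTTPS to approve or cancel: {review_url}\n"
    )
    # Free-text fields are where card numbers leak back in, so scan the result.
    leaked = find_pans(str(msg["Subject"]) + "\n" + msg.get_content())
    if leaked:
        raise CardDataInEmail(f"{len(leaked)} card number(s) in outgoing mail")
    return msg
```
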

msr986

3:23 am on Jun 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



korkus2000,

You need an ssl connection so the form the customer fills out is sent encrypted on the web.

Once the server receives and parses the form data it can either store it on the server, or email it to someone who can process the order.

EITHER WAY, the data MUST be encrypted before storing or emailing. This requires an encryption executable such as PGP or GPG.

The answer is, you need both, an SSL connection and an encryption program.

Some HOSTS will provide use of their certificate for SSL transactions. They usually charge by the month for this service (about $20 a month). Some HOSTS also have a PGP or GPG executable you can use. If you find a host which can provide both features, you can provide a simple ordering system very inexpensively.

-Marty

fathom

3:35 am on Jun 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm a little confused? If you lost the bid, how does this matter? (Just a question).

Anyway, an affiliate brought his certificate (dot.za) $50.00 US and as I understand this is a common practice.

A friend, an ITI graduate had to design an encrypted e-mail account for a point-of-sale terminal (offline credit card debit). She did it very easily and got a free certificate from a local university.

Have a client that uses JavaScript and FTP with SSL and password protects the .pl directory.

Are they shady... maybe, but that should be the company's concern I would think?

My humble opinion

korkus2000

11:08 am on Jun 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I haven't lost the job. The company gave me the proposal to see if I can bring the price down. I created their original site in the first place. They trust me and know that I won't let them get screwed. If the company can do it just as well cheaper then I believe they should go with them.

I always heard you never really want to send cc info through email. I have a host that supports ecom with certificate. That's how my programmer was going to get it done. He is the one who told me that to create an encrypted email on the fly is very intensive. Their bid was very low (>1000) for a total site redesign (30 pages) and adding ecom.

I just want to make sure they don't get ripped off.

Mardi_Gras

12:02 pm on Jun 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Korkus2000 - I had a similar problem - I quoted a client $13,000 for a site, then she told me her secretary's cousin could do it for $500. Of course, I said, "show me what he is proposing and some other sites he's done..."

I then went into Yahoo, did a search for attorneys (her business), and started clicking. Guess what - everything this kid was passing off as his own work was stolen - images, copy and all - from other legal sites.
He would literally steal an entire site, and pass it off as his own.

Don't know if you will find that to be the case for you, but that price seems so ridiculously low that:

A) The designers can't possibly plan on making any money OR staying in business and

B) The chances that there will be "original" creative involved are slim and none.

Good luck. Hopefully your client puts a premium on relationships and quality, and understands that in web design and everything else, "you get what you pay for."

The Contractor

12:18 pm on Jun 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How about PGP formail? I have used that along with ssl certificate for the form.

MaliciousDan

1:47 pm on Jun 7, 2002 (gmt 0)

10+ Year Member



LOL, stealing from lawyers? It's probably a better idea to steal from the mob than from lawyers...

Crazy_Fool

5:11 pm on Jun 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



why not use worldpay or other credit card processing company?

if you go the SSL route, there will be an annual fee for the certificate, plus extra development costs, plus extra security measures, plus the cost of the time to process each transaction - if there are a lot of transactions, the client will be spending a lot of time processing them manually or paying someone to process them for him.

with a card processing company, there will be an annual fee in place of the SSL fee, lower development costs as integration is quicker, fewer security issues, and all transactions are processed automatically, therefore saving the client the time costs of manually processing the transactions.

all card transactions, whether via SSL or via a card processing company will incur transaction fees. using a card processing company need not cost more than bank merchant transaction fees, and the time saving makes it very worthwhile.

korkus2000

5:17 pm on Jun 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The problem is each order needs a manual review before the transaction can be processed. If they do not have the widgets available for rental then they will have to cancel the order and the transaction.

Crazy_Fool

5:43 pm on Jun 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



that's no problem. worldpay has a pre-authorisation system that allows the retailer 5 days in which to complete a transaction by clicking a button. no money is taken from the customer's card until the complete button is clicked. therefore, if your client doesn't have the widgets available, he simply allows the orders to lapse. there are no transaction fees unless the orders are completed.

if you want more specific information, sticky me with details etc.