: What is SSL Hosting and what are the requirements for making secure transaction I am here in order to collect the information for making secure online transaction. My client has got a online
I am here in order to collect the information for making secure online transaction. My client has got a online shopping site. We are now having cart in our own site and transfering the cart detail to paypal and making the payment via paypal.
So now i would like to add the credit card request page in own site and process it so i would like to know what are my requirements
More posts by @Bethany197
3 Comments
Sorted by latest first Latest Oldest Best
If you are planning to handle credit card data in any way, even only temporarily, then you must be compliant with PCI/DSS. It can be a lot of work to properly achieve and maintain compliance so it is generally recommended that you avoid handling CC data as much as possible, pushing the responsibility for payment details security to the company/companies that handle your payments (i.e. paypal and/or a company that operates your merchant account and so on).
As for "what is SSL hosting", SSL hosting in this context is making content and script available via HTTPS. See en.wikipedia.org/wiki/Https for more detail. While the use of secure protocols (i.e. HTTPS rather than plain HTTP) for the transfer of payment information is a requirement of PCI/DSS (and general common sense!) it is far from the only requirement. Also note that a cheap SSL certificate should not be used for payment processing - you should obtain an EV certificate which costs more and involves some paperwork and/or faxes/phone calls to prove that the company requesting the certificate is who they say they are and are eligible to have a certificate issued for the domain in question.
Maybe I'm misunderstanding what you would like to do but if the goal is to collect credit card info on your site and store it (e.g. for offline processing) then the answer is: DON'T!
No offense, but there's no way you can do this in a secure way.
If you want to achieve something else please update your question to clarify.
First of all check can you use SSL with your current hosting solutions(you will have to ask your hosting company for this). If you are using dedicated server or virtual private server this should not be a problem. But if you are using shared hosting you will need an IP based one to use SSL. Just ask your hosting provider.
Second of all use the SSL only where necessary, you do not need it on all pages(only for those with the sensitive data). Then choose a SSL certificate provider (GoDaddy, VerySign, Comodo etc.). They will have to check your company, make some phone calls etc. to prove that your business is not a fake and then they will issue you a certificate that your hosting provider will have to install for your website.
Hope this helps )
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.