Question

My problem is a client wanting to retrieve credit card details from their customers via an online form.

I'm aware of an SSL certificate having been purchased and I've validated and sanitized the form fields which the user fills in.

The issue comes up here when sending the card details: I'm wanting to send them via email to my client but believe that there will be so many security issues doing it this way.

I guess my question is how would I send the cc details from the form straight to an email while maintaining security and if it's even possible for it to be 100% secure?

Note there is no payment taken on the actual form; its only purpose is to retrieve the cc details.

Thanks

Solution

It sounds to me like you've received a bulletproof safe, opened it, and copied the details on a note.

Then you go outside, find an unknown boy on the street and pay him a quarter to deliver the note to your friend just a few blocks away.

And that is why credit card fraud exists...

OTHER TIPS

Doing this is not only a very, very, very bad idea (you might as well not use SSL on the page), but it would also be in violation of the merchant service agreement that you (or your client) agreed to. You have to follow the PCI-DSS standard if you are handling payment card information and this is thing #1 on the "Don't Do This" list.

If you need to handle credit card details and don't have a security team, use a merchant service provider that handles credit card detail collection for you (such as Authorize.net, PayPal, Google Checkout, Amazon Payments, etc.). With those services, you simply send the user to the provider's site along with an amount to be charged and a list of items it is for. The third party deals with the credit card details and then sends you a receipt code that verifies the transaction and sends you the money.

The short answer is don't. Including credit card details in an email is a bad idea.
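The hosted-checkout flow described in the answers above, as an added example that is not part of the original posts and not any real provider's API: the merchant sends only the order data and accepts a receipt only after checking it. The provider URL, the field names and the HMAC-signed receipt are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Hypothetical provider endpoint and shared secret (constructed values).
PROVIDER_CHECKOUT_URL = "https://pay.example.com/checkout"
SHARED_SECRET = b"constructed-demo-secret"  # in practice, load from a secret store


def build_checkout_url(order_id, amount_cents, items):
    """Redirect target: order data only, card data never touches the merchant."""
    query = {"order_id": order_id, "amount": amount_cents, "items": ",".join(items)}
    return PROVIDER_CHECKOUT_URL + "?" + urlencode(query)


def receipt_signature(order_id, amount_cents, receipt_code):
    """Assumed scheme: HMAC-SHA256 over the '|'-joined receipt fields."""
    msg = f"{order_id}|{amount_cents}|{receipt_code}".encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()


def verify_receipt(expected_order, callback):
    """Accept a receipt only if it is signed and matches the stored order."""
    try:
        order_id = str(callback["order_id"])
        amount = int(callback["amount"])
        code = str(callback["receipt_code"])
        sig = str(callback["signature"])
    except (KeyError, ValueError):
        return False  # missing or malformed field
    good = receipt_signature(order_id, amount, code)
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(good.encode(), sig.encode()):
        return False
    # A valid signature for a different order or amount must still be rejected.
    return (order_id == expected_order["order_id"]
            and amount == expected_order["amount_cents"])


if __name__ == "__main__":
    order = {"order_id": "A1001", "amount_cents": 2500}  # constructed sample order
    print(build_checkout_url("A1001", 2500, ["book", "pen"]))
    receipt = {"order_id": "A1001", "amount": "2500", "receipt_code": "R-77",
               "signature": receipt_signature("A1001", 2500, "R-77")}
    print(verify_receipt(order, receipt))                       # genuine receipt
    print(verify_receipt(order, {**receipt, "amount": "1"}))    # tampered amount
```

The merchant stores the order, the receipt code and the verification result; nothing in this flow gives it a card number to store or forward.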

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow