FAQs

How can I safely take credit card data?

Written
The simple answer is that you should avoid taking credit card data on your site unless you know exactly what you are doing. It is a security risk and you may be liable if data is lost or stolen.
The safest and simplest way of taking payments is to use a payment gateway where you send the user to the gateway site to confirm their payment. This is like a basic PayPal payment. You will get some kind of confirmation from the gateway and can then release whatever the user has purchased. The form of confirmation depends on the way your gateway account is set up. It can be a simple email; or an instant confirmation like the PayPal IPN (Instant Payment Notification).
The next level is when you keep the user on your site by using a form that submits directly to the gateway. No credit card information is kept by you and so there is no security risk.
The most risky level is when you take credit card information and store it on your site or email it for manual processing. If you do any of these things then you may well need to comply with the PCI Security Standards Council regulations for merchants.

ChronoForms accept no liability for your use of forms to accept confidential or risky data including personal detail or financial data like credit card details.