[QUESTION] Secured forms

Denis La. 06 Feb, 2013
Hi,

I'm building a reservation form for one of my clients where people will need to submit their credit card number.

I'm using Joomla 2.5.9 and Yireo SSL redirection plugin to secure only the reservation page, and my client is going to purchase an SSL certificate.

So my question is... how to make sure that the information sent by Email from the CF reservation form is secured. I'm fairly new with this type of Form (the one he had before was the same but without the need for credit card submission) and I want to make it right.

So could someone, like Greyhead for instance 😀, be gentle enough to help me set this up the right way?

Thank you very much in advance for your precious help.

Denis.
GreyHead 07 Feb, 2013
Hi Denis,

Just to state my position: I think it's a bad idea to take credit card details if you can possibly avoid it, and a worse idea to send them by email.

That said, Max added a PGP option to the Email action. I've never tested it and I'm not sure exactly how it works but it will probably do what you need here. I suggest that you take a look, then contact Max using the Contact Us link above to ask for specific details on how to use it.

Bob
Denis La. 07 Feb, 2013
Hi GreyHead,

Thanks for your quick reply!
I've sent a message to Max as you suggested... but forms where people send their credit card info are a common thing and safe these days, aren't they? I mean, all those sites where you order stuff and pay by credit card.

I thought CF was a sturdy component that could offer the same actions safely, does it? Probably does but, if you do not recommend it, I'm starting to be nervous here! 😶 🤣

I really love your great product and I hope it can achieve safely the above asked task because I really need this.

I will wait for Max's reply. Thanks for any further help!

Sincerely,

Denis.
GreyHead 07 Feb, 2013
Hi Denis,

In reality very few sites take credit cards directly; by far the majority link directly to a payment gateway and either send the user there or pass the data directly to the gateway.

If you want to accept credit cards on your site then you may well need to comply with the PCI Security Standards Council regulations for merchants.

That said, ChronoForms has all the technical infrastructure that you would need to set up a form to accept credit cards, though you would need to add in any necessary security checks, encryption, etc.

There is an example of using the PayPal API to accept credit cards in one of Max's tutorials here I think, but note that the data is sent directly to PayPal and typically not stored locally.

Bob
Denis La. 07 Feb, 2013
OUCH! :?

That seems to be a hell of a ride to set that up the correct way! Thanks for the info.

Since some sites are taking the card data directly on the site, I thought it was something like what I'm asking that was set up. But I found out that some payment gateways (if paid a certain membership) can integrate directly into the site... avoiding the move to an external gateway payment process.

Since my client uses that form just for reservation purposes and not for direct payment, I think I'm going to expose to him the facts and suggest to him to continue like he did before... which is taking the reservations with the form and provide clients with the information that they need to call and give their credit card details by phone.

He wanted to cut some steps for the clients and him in the process by having them fill out the card details within the form but, I think it'll be safer the old way.

Thanks for your help and wisdom GreyHead! :wink:

Sincerely,

Denis.
GreyHead 07 Feb, 2013
Hi Denis,

I think that this is a case of 'better safe than sorry'.

If your client has the ability to take cc payments then his bank probably has a recommended on-line system that can be used if he wants you to go down that route. Some of them can be quite unobtrusive. The problem is not necessarily in taking the cc details per se, but the risk in storing or passing them in any way other than directly to the payment gateway.

Bob