3 posts Page 1 of 1
Howdy,

How is everybody doing down here? :)

I just wanted first of all to thank everybody, 'cause you are the best team ever...ever.
The level of customer service is ridiculously high, so thanks....

Anyway here is my question:

The client put a digital product on the website I did for him using Couch (basically, the final client fills in a form with a formula and we create the product, so there is no physical product to pick, as we just have to receive the formula).
Because of the small number of people that use this service at the moment, he decided that he would like the client to insert all the details in the form (including credit card) and to follow everything manually, as if the transaction were done over the phone. Now, is it possible to create a secure form with Couch that sends sensitive data like credit card numbers?

Thanks so much

Emanuele

Hi Emanuele,

To begin with -
If I am not wrong, all organizations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data need to be PCI compliant (http://www.pcicomplianceguide.org/pcifaqs.php).

As such, I wouldn't advise you to use your client's site (Couch or no Couch) to accept/transmit CC info. It is better to use a third-party (e.g. Authorize.net Customer Information Manager http://developer.authorize.net/api/cim/ ) to handle and store the sensitive data.

Coming to your question - I think the only way to create a 'secure' form would be to use SSL.
But then, this will protect data only from a user's browser to your web-server - which is just one segment of the entire path through which the CC info flows (you'll most likely store it in a database or email it to your client etc.), which is why it won't be PCI compliant.

Always amazing and quick :)