I concur with Maureen: look at Google and Paypal. The key there is that you send the user off to Google's site and the CC info is entered there, not on your client's site, so you don't even have to worry about SSL on the client site, let alone PCI compliance.

Years and years ago, I did do an implementation of a payment setup where part of the CC was stored in our database and part of it was sent to the client who stored it offline and then later they could look up the part of the CC we stored unencrypted. It was serviceable and reasonably secure, if somewhat of a manual pain in the arse. However, that was in the days before PCI compliance (or at least we didn't know about it).

Credit card companies have really clamped down harder over the years on these issues. Fraudulent transactions cost them money and tracking all the stolen credit card numbers is a huge pain. If your clients say they don't want to use Google Payments or Paypal and they don't want to pay for an online merchant account and Authorize.net themselves, then you need to make sure that they understand the real cost of that decision.

If VISA finds that they are not complying with regulations, they can cut off all ability for that merchant to accept VISA payments, period, not just online. Same with Mastercard. Ask your client what that would do to their business and what risks they are willing to take.

And if the client persists in wanting to take credit cards insecurely and you still want to work with them, make sure that your contract with them is airtight and that you cannot be held liable for aiding them in doing something you know to be against VISA's rules.

Cheers,
Judah

On Thu, Feb 18, 2010 at 4:07 PM, Maureen <mamamaur...@gmail.com> wrote:
>
> There are many methods for small online businesses to accept credit
> cards without storing the data on their servers - paypal, google
> payments, authorizenet, etc...and the cost per transaction is not
> going to be any more than it would be if they used their own Merchant
> processor manually, and in some cases, it could be less.
>
> On Thu, Feb 18, 2010 at 3:57 PM, Eric Nicholas Sweeney
> <n...@bigfatdesigns.com> wrote:
>>
>> I run into this problem/question as well - for "small" companies/storefronts
>> who want to offer online purchasing or bill pay...
>>
>> From their business perspective it doesn't "make sense" to purchase an
>> online payment gateway. The reasons vary - but usually it is because of
>> extremely low volume and/or they are already paying for credit card merchant
>> services. (That don't offer an online payment gateway - usually using small
>> local bank or credit union - and switching providers is WAY more work and
>> expense than they can manage or justify...)