On Wed, 16 Feb 2000, Shaun Cloherty wrote:
> I am currently in the planning/feasibility phase of deploying a credit
> card payment/subscription system via the web. Now obviously I need a
> secure web server of some guise..... we are currently running Apache
> (non secure) on a Red Hat 6.1 server. I'm seeking any advice,
> suggestions, anecdotes etc. regarding any 'secure server' endeavors....
> what's the current 'standard practice' in this area these days??
You can grab RPM's and Sources of Apache + Mod_SSL to do secure servers
from ftp://ftp.zeds.net Cost = $0 (a little time perhaps)
Buy a cert from Thawte http://www.thawte.com (USD $120.. and some time
getting the paperwork sorted)..
Go get a business account with the National.
FIRST.. Apply for a Amex merchant facilities.. (even Diners too.. it costs
you no more).. They will give it to just about anybody.
THEN.. once you have that.. go to the National and apply for Merchant
facilities for Mastercard, Visa, Bankcard. You note you already have Amex
and Diners..
Hassle them constantly until you get the machine.. Don't go with the clack
clack.. or the MOTO forms.. You will die filling that bugger out.. And
when you "deposit" it at the bank, you have to way 5 days for clearance,
same as a cheque.
The rental of the EFTPOS machine is worth every cent if you do more than 2
transactions a day.
You get the money next day, straight into your account, and you can do
EFTPOS if people come over to pay.
Once you have all that.. Build a PHP credit card form, there is some good
code around that will do credit card validation in PHP..
Use GPGP to encrypt the orders so no one can hack your web site and get CC
numbers. A tip.. DONT STORE CARDS on the web server AT ALL.. Niet.. None..
Just don't do it.. Don't even write it to a temporary file.. PGP it and
send it via email or something into a secured back end server.. Hell.. via
UUCP would be a good idea! very secure.. no Internet on it at all would
be best.
Then enter the codes into the machine to process..
Easy..
Don't bother with these "Online credit card transaction" guys..
You still have to have the standard merchant facilities, and they usually
FAIL to mention that their fees are ON TOP of your existing merchant
fees..
Ie.. Telstra SureLink fee is say 3%.. if your Merchant fee is 3%.. then
that = 6% is taken in fees... That hurts if your margin is 10%.. or less..
And if you find all this too hard, my services are available for a
reasonable fee.
---
Anthony Rumble
LinuxHelp http://www.LinuxHelp.com.au Phone: 0500 500 368
Direct 02-9712-1799 Mobile 0412-955-042 Fax 02-9712-3977
--
SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
To unsubscribe send email to [EMAIL PROTECTED] with
unsubscribe in the text
