in reply to (OT) Building in "donation management" support in site design

I would recommend using Secure Trading for your real-time credit card validation, as they provide fraud prevention functions and are industry standard. Also, remember never to store credit card numbers on your server; if you must refer to credit card numbers, use only the first 4 digits, like so: 2341 xxxx xxxx xxxx xxxx. You'll need a proper merchant bank account to accept the payments. AMEX cards require a separate merchant account to VISA/Mastercard. Older browsers may have trouble with 128-bit certificates.

A self-signed certificate will save you money and is unlikely to be noticed. Also, to save money you may use a 40-bit certificate, which is also not likely to be a barrier. Make sure every page is printable to a single page of A4. OpenSSL with mod_ssl for Apache is the easy, free way to go. Always remember to back up your key and CSR and store them securely. Perl-wise you should notice no difference under https except for a slight decrease in speed. I would look at some of the CPAN encryption modules if you do decide to store credit card information on your server. Watch out what minimum transaction size you choose, as the smaller they get the less worthwhile it all becomes.

Update: Secure Trading charge 1.5% per transaction, and the credit card company will also make a charge per transaction; in the case of AMEX, 3%. As for opening a merchant bank account, I don't imagine there is a charge for that, but you probably have to be a registered company.
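The openssl steps the post recommends (private key, CSR, self-signed certificate, and a secured backup of key and CSR), written out as an added example; this is not code from the thread or from any of its posters. It assumes openssl is on PATH, that the directory and CN arguments are placeholders you replace, and it uses a 2048-bit key and a one-year validity, which are this example's own choices rather than values from the post.

```shell
#!/bin/sh
# Added example (not from the thread): create a key, CSR and self-signed cert
# with openssl, then back up the key and CSR so only the owner can read them.
# Assumed placeholders: DIR (output directory) and CN (server name).
set -eu

# make_selfsigned DIR CN
#   Writes DIR/server.key, DIR/server.csr, DIR/server.crt and DIR/backup.tar.
make_selfsigned() {
    dir=$1
    cn=$2
    mkdir -p "$dir"
    chmod 700 "$dir"
    # umask 077 in a subshell: the key file is created 0600 from the start,
    # so there is no window where it is group- or world-readable.
    (
        umask 077
        openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    )
    # The CSR is what a real CA would sign later; keep it alongside the key.
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=$cn" 2>/dev/null
    # Self-sign the CSR for testing (example's own choice: 365 days).
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -out "$dir/server.crt" -days 365 2>/dev/null
    chmod 644 "$dir/server.crt"
    # Backup of key + CSR in one owner-only archive; copy it off the host.
    (
        umask 077
        tar -cf "$dir/backup.tar" -C "$dir" server.key server.csr
    )
}

# key_matches_cert DIR
#   Confirms the certificate really belongs to the private key by comparing
#   the public key each of them carries. Returns 0 on a match.
key_matches_cert() {
    dir=$1
    k=$(openssl rsa -in "$dir/server.key" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$dir/server.crt" -pubkey -noout 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_is_private DIR
#   Checks that the key file mode is 0600 (Linux stat first, BSD stat fallback).
key_is_private() {
    mode=$(stat -c %a "$1/server.key" 2>/dev/null || stat -f %Lp "$1/server.key")
    [ "$mode" = "600" ]
}

# Usage: sh thisfile.sh DIR CN   (with no arguments only the functions are defined)
if [ $# -eq 2 ]; then
    make_selfsigned "$1" "$2"
    key_matches_cert "$1" && echo "key and certificate match; files are in $1"
fi
```

Point the Apache mod_ssl directives (SSLCertificateFile and SSLCertificateKeyFile) at server.crt and server.key; the backup.tar archive is what you keep off the machine so a lost key does not mean re-issuing a certificate from scratch.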

(OT) Re: Building in "donation management" support in site design
by hacker (Priest) on Jun 25, 2002 at 12:21 UTC
    Thanks for the ideas.

    I already have a self-signed cert I created a while ago, and it's been working fine for my basic tests. I also bury my IMAP mail behind it using SquirrelMail, so the mod_ssl bits are already there and functioning well (I also use a similar certificate for my irc/ssl irc server). My server signature is currently:

    Server: Apache/1.3.26 (Unix) PHP/4.3.0RC1 mod_gzip/1.3.19.1a mod_perl/1.26 mod_ssl/2.8.9 OpenSSL/0.9.6a

    The only downside to having a self-signed certificate is that the user will get a warning dialog every single time they hit the secured page, because their browser doesn't recognize the CA.

    I suppose I'll have to see how to handle the merchant account issue. I wonder what (if anything) they charge for that service. Is it a percentage of the charges processed through them? Or is it a flat fee on a monthly scale? Merits further investigation. Thanks again.