Inspiring
August 4, 2015
Question

HTTPS


Hi everyone. My company would like to set up a 2 page site with an online order form to purchase a product we are selling. We would like to accept credit cards on here. I know there are sites out there that we can download the script for a shopping cart, but I don't think our server is up to date for the requirements of what these plugins need to work and we don't want to have to pay for a hosting plan. So we were just going to set up 2 simple pages for the customer to choose what they want and a price would go into a shopping cart form where they could enter their credit card information. This page would be an HTTPS page. I'm just wondering if I create a page that is secured this way, is it secure or not? Or do I need to go through one of those web sites that has a shopping cart built already so it's more secure? We were not going to insert this info. into a database. We were going to email it to our info email using ColdFusion. Will that email being sent to us be secure? Does anyone have any suggestions otherwise how to set up a simple shopping cart? We don't have part numbers with prices. A formula is going to be used to figure out what the price should be depending on what the customer chooses. Thanks.

Andy


1 reply

pete_freitag
Participating Frequently
August 4, 2015

Hi Andy,

The email you send with the order info will not be secure. You could send an encrypted email but I would not recommend that workflow.

I would recommend using a third party service to handle the credit card interaction. The third party will host the payment form and accept the credit card so it never hits your server -- this is important because if your server does see the credit card or host the form where the credit card is entered you will have to go through a more rigorous PCI compliance process. There are lots of credit card gateways that provide this -- I would strongly recommend leaning on the gateway to handle as much of it as possible -- so instead of emailing all the info, you can email some basic info and instruct your user to log in to the gateway to view the order info.

You don't need to install a shopping cart on your server to integrate these, and if you do install a cart it is important to keep it up to date (old shopping carts may contain security holes).

Here are some options; there are loads more but these are among the most popular:

  • https://www.braintreepayments.com/features/drop-in
  • https://www.braintreepayments.com/features/hosted-fields
  • https://stripe.com/checkout
  • https://stripe.com/docs/stripe.js
  • https://www.paypal.com/

Inspiring
August 4, 2015

I can't +1 what Pete says here enough. Avoid doing this in house like the plague. The infrastructure and checks and balances you need to securely process credit cards in-house would far outweigh any costs you might incur using a third party for payment processing. I've used both Stripe and PayPal and both work very well with ColdFusion.
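
The replies above advise keeping card data off your server and out of email, and emailing only basic order info. As an added example (not from the thread or from any gateway's code, and written in Python rather than ColdFusion), this is a fail-closed guard for the notification email: it refuses any submission that carries card-like data and emails only a gateway reference. The field names `gateway_order_id`, `customer_email` and `quoted_price` and all sample values are assumptions.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\d(?:[ -]?\d){12,18}")
# Field names that should never reach this server when the gateway hosts the form.
CARD_FIELD = re.compile(r"card.?number|cc.?num|cvv|cvc", re.I)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, which every payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_card_number(text: str) -> bool:
    """True if text holds a digit run that passes the Luhn check.
    Other long numbers can pass by chance; rejecting them is the safe failure."""
    for match in PAN_CANDIDATE.finditer(text):
        if luhn_valid(re.sub(r"[ -]", "", match.group())):
            return True
    return False


def build_order_email(form: dict) -> str:
    """Build the notification body from an order the gateway already handled.
    Raises ValueError instead of emailing anything that looks like card data."""
    for name, value in form.items():
        if CARD_FIELD.search(name) or contains_card_number(str(value)):
            raise ValueError(f"card data in field {name!r}; not emailing")
    if not form.get("gateway_order_id"):
        raise ValueError("missing gateway order reference")
    return (
        f"New order {form['gateway_order_id']} from {form['customer_email']}.\n"
        f"Quoted price: {form['quoted_price']}\n"
        "Log in to the payment gateway to view the order and payment details."
    )


# Constructed sample submission (hypothetical field names and values).
SAMPLE_ORDER = {
    "gateway_order_id": "ord_constructed_001",
    "customer_email": "buyer@example.com",
    "quoted_price": "149.50",
}
```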