Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security for credit card processing


lawandorder

Recommended Posts

I am a newbie who has struggled setting up my own website. (Thank god for the Oscommerce template). I am now ready to go live but I don't understand how to make my site secure for credit card users. Can somebody give me a quick explanation - someone I know mentioned that I need a merchant account and that it would provide all the security I need. I'm not even sure what that is ?

Link to comment
Share on other sites

I am a newbie who has struggled setting up my own website. (Thank god for the Oscommerce template). I am now ready to go live but I don't understand how to make my site secure for credit card users. Can somebody give me a quick explanation - someone I know mentioned that I need a merchant account and that it would provide all the security I need. I'm not even sure what that is ?

 

In a nutshell what you need to provide a secure transaction is...

 

1) For your web-server, you will need to purchase a SSL certificate if one is not already present which represents

your domain name.

To check and see if you have a valid SSL cert for your domain, just type; https://yourdomainname.com into the browser,

if a valid cert for your domain exsists you will know it by viewing the SSL cert information when presented with the security prompt.

Otherwise the cert may belong to your hosting company.

 

2) You will want to figure out who to use as a Gateway provider.

Your gateway provider is the organization which will provide you a means of accepting and processing credit card orders.

Most e-merchants opt to work with PayPal because of lower monthly cost, lower per transaction cost, and providing you are using

a PayPal enabled shopping app as osCommerce it will provide easier setup for the beginner.

 

Another thing to consider is if you are a new business with a relatively short history of working with a bank it is nearly impossible in most states to acquire a Gateway account from a bank.

Credit Unions are a little more friendly than banks- but not much!

 

Follow this link and once there you will notice a variety of payment acceptance options, you can pick the one that best applies to your business.

http://www.paypal.com/cgi-bin/webscr?cmd=_merchant-outside

 

I presently own and operate 2 e-commerce sites and have a gateway account with AuthorizeNet, but for what you may be doing as a start-up e-com biz I would suggest Website Payments Pro (U.S. Only)

 

Also follow this link and scroll to the base of the page, there you will be directed to the most popular Gateway providers;

http://www.oscommerce.com/solutions

 

3) Aside from that you just need to be sure and define your secure HTTPS links for checkout within your ecommerce application

and once you have attained your PayPal account info you will need to enter it into the e-comm application likewise.

 

 

Hope this helps you somewhat

Link to comment
Share on other sites

Thanks for taking the time to explain this. Really appreciated. I am running on a windows local host right now but have heard alot of horror stories about web hosts not providing support for security, once live. Is there anything I should investigate before selecting a web host. Also, how much does an SSl certificate typically cost ?

Thanks again

Link to comment
Share on other sites

Thanks for taking the time to explain this. Really appreciated. I am running on a windows local host right now but have heard alot of horror stories about web hosts not providing support for security, once live. Is there anything I should investigate before selecting a web host. Also, how much does an SSl certificate typically cost ?

Thanks again

 

 

Hmmm, well I will say this much as for SSL support from your hosting company.

Not all hosts tend to cottle you too much with regards to SSL installation and or troubleshooting if needed.

Most of your troubleshooting will come form Network Solutions in this example should you buy from there, otherwise the strongest SSL cert installation support will come form the SSL cert issuer themself.

 

I suggest you look to hosting companys such as Ipower, 1&1 and the likes first.

Don't get a dedicated server or virtual private server as you are most usually left at your own devices to figure things out.

 

Just look at their regular hosting packages and then call to speak with a rep and make sure that they will assist you in installing

your new SSL cert, once the cert is installed there isn't any maintainence other than renewing your SSL cert prior to it's expiry date and re-installing the new cert.

Most control panels allow you the user to install your cert though.

 

The cost of an SSL cert depends on namely who is issuing it and how reliable is the cert not to mention multi-browser compatibility is important alike.

Try looking at Network Solutions first, GO Daddy and the likes generally provide low reliability/compatibility certs.

 

You won't need bells and whistels for an SSL cert, it basically needs to assure the user that the site belongs to the Online merchant and provide validation back to the source provider of the cert itself.

Please follow this link and I suggest the Basic SSL Cert for $99 per year when you register for 3 years costing you a total of $297 for the cert for 3 years.

 

 

 

Let me know should you have other questions.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...