Accepting credit cards

By : Business Owner
Published 8th April 2016
Read latest comment - 13th September 2016

Just wondering about the legalities of accepting credit card details on my online shop. I want to introduce a stage where they enter their details on my website (not via a processor website like PayPal). My checkout section is already SSL and I do believe we can't store CCV numbers on my website in case I get hacked, but this will be sent via email which is completely separate so should be OK.

I just want to know: can people sue me if their details do get taken, is it wise to keep clear of this, and what precautions do I need to take before I can do this, if any?

I only ask as I have the PayPal credit card reader so can do it, but I like the fact they don't have to leave my website to be able to pay.


Thanks,
Andy-C | Pewter World
Comments

Hi Andy

This is just my humble opinion, but I'd say steer clear!

For me to put my payment card details into a website, it has to give the impression of confidence and security, such as I get if I buy something from Amazon, or I use a site with a 3rd party system such as Worldpay, or even PayPal.

Off-the-shelf platforms and ecommerce systems tend to be the least secure by the very nature they are used by so many sites. This makes them the target of hackers and script kiddies, as exploiting any vulnerability becomes profitable and is worth the investment in time to find them.

I always think the worst, and using that principle, what would happen if our site was compromised, i.e. impact to customer, our reputation, partner confidence etc.? How happy would you be to know your card details have been grabbed off our site, regardless of separate CCV numbers?

The only private information we ever allow members to input is an email address. From a confidence point of view, our sign up pages have long been https even though there was no requirement, but it's a good visual reinforcement (we've since moved to site wide https).

Let someone else have the pain and worry of accepting credit card details and processing the payment.

If you do decide to host card details or allow them to be inputted on your site, then make sure your website security really is ready and your PCI DSS Compliance is valid and up to date. Non-compliance will make you liable for any fraudulent transactions, including costs of forensic investigators if the issue is traced to your site.

Assuming you are already PCI DSS compliant, but for anyone reading this, you can learn more here: What is PCI DSS?


Steve Richardson
Gaffer of My Local Services
My Local Services | Me on LinkedIn

OK, now that you put it that way, maybe I should shelve that idea for good.

Thank you for the link, and yes, you are right, I do use an e-commerce site and maybe need to think up another idea, as reading that link certainly makes you think twice.

 


Thanks,
Andy-C | Pewter World

After being shot down in flames (see above), my dream to have a credit card style layout has just been made a reality. I accidentally found a site that lets me do just that: people can now add their card details without leaving. Perfect. Hopefully this will now fix my abandon cart rate, which was quite high, and sadly may have to say goodbye to my favourite merchant account, who have been so helpful in the past.


Thanks,
Andy-C | Pewter World

Hi Andy

 

Have you thought about using a virtual terminal? We've used these in the past and they work well. 

Most banks will be able to supply you with details as well as SagePay.

 

Anthony


Founder / Creative Director
'design 4 & print is what we do'
BajanApple Digital Colour Printing

It looks really slick Andy

I just worry about the security risk of taking card details via my actual site. Assume you are PCI DSS compliant to cover yourself.

Be interesting to hear your feedback regarding the abandon rate and see if it makes a big difference. Maybe you will win me over.


Steve Richardson
Gaffer of My Local Services
My Local Services | Me on LinkedIn

It's run by Braintree (part of PayPal). I have no control or see customer card details. All I know is it works. If you enter the wrong details it flags up as wrong and has all the usual things in place via my Braintree home page. I can actually activate a lot of settings to make it extremely strict.

Although to be fair I have only just started using it so really need to find out more. As you say it may not be PCI compliant. When I first turned it on I actually thought I had put the wrong payment on until I double checked.

Just found this: https://www.braintreepayments.com/en-gb/products-and-features/data-security but I may just pop the question to them just to be safe.


Thanks,
Andy-C | Pewter World

I'll tell you what Andy, you've got me really interested. Just looking through their site and all seems above board and compliant, and as you say it's owned by PayPal.

At first glance at least it looks really good. Will sit down next week and go through the numbers and see if it is worth using. Currently use Worldpay, but the interface is atrocious and we are seeing more and more PayPal transactions, so certainly worth considering.

Should ask them for a finders fee or affiliate link.


Steve Richardson
Gaffer of My Local Services
My Local Services | Me on LinkedIn

I did some more digging last night and it seems I have a few more loop holes to jump through. I do need to contact them about being PCI compliant, although they cover the cost of it and it is only the basic version and I have to go through securitymetrics.com. Just tried phoning them and they closed.

Will do ;) 

 


Thanks,
Andy-C | Pewter World

Taken another step further in the quest for PCI. My website has been sent off for final testing.


Thanks,
Andy-C | Pewter World
