Last week I did an emergency website fix for a new customer. I hadn’t built the site and wasn’t familiar with its functionality. As I worked on their payment page, I realized what I was looking at. The page collected credit card information and then emailed the credit card details to the website owner. The page had a SSL certificate (more about that later) but was that enough to make the page safe for visitors to use? I thought about it and the answer was, “No!”
What is a SSL Certificate?
SSL stands for Secure Socket Layer. Pages using a SSL certificate typically start out with a https in the URL as opposed to a http. A SSL certificate encrypts data as it travels from computer browsers to website servers. However it does nothing to protect the emails that are then sent out from the website server.
Why it’s not safe to email credit card information
As emails travel through the Internet to their destination they’re passed through different servers. Hackers could intercept the email at any point along the email’s journey. (Earlier in the week I posted a video about how email works. ) So despite the fact that my new customer was trying to safely collect credit card information, it wasn’t a good way to go about it.
So what are the safe ways to collect credit card information online?
One way to transact business online is to use a merchant gateway. (Authorize.net is a popular one. PayPal is another.) Systems like Zen Cart and 1ShoppingCart.com help website owners to tie merchant gateways together with shopping cart software. PayPal even has its own shopping cart system that’s great for business that sell services or just a small number of products.
My new customer was just as concerned about this website vulnerability as I was. We redesigned the website form. Website visitors now either pay by check or phone in their credit card information. Problem solved!