Collecting
Credit Card details using your own Secure Server
If you have chosen to collect and process credit/debit card information yourself, then you will need a secure server and a script to collect the information.
The shopper wll want to check the online ordering form for a secure server symbol. In Microsoft's Explorer, it will be a tiny padlock at the bottom toward the right-hand corner of the IE window. If it's open, they don't have a secure server. If it's closed, they do. In Netscape's browsers, you get a little key on the bottom and toward the left-hand corner (It figures--the two big browser companies use exactly opposite symbols!). The key will appear solid and be on a blue background. If that's not what they have, the shopper will not want to divulge credit card information on that page.
Some Secure Servers have Secure Socket Layer (SSL) transmission. This enables the browser to encrypt any data sent to the web servers, and in turn the servers will encrypt any data sent back to the web browser. When placing an order, the shopper will want to see that on the page where they enter their personal information, the URL will change from http to https. This indicates that they are on a secured page. This means they can safely enter their entire credit card number and it cannot be read in transit.
Ask if your hosting company can supply you with a secure environment. Currently we only supply scripts based on ASP.
You must have a secure environment that supports ASP!
Once you have obtained such a secure environment, download the zipped file 'secure.zip' below.
|
Resources You
will need Winzip to
extract the shopping cart files. |
 |
Unzip
'secure.zip' to a folder called 'secure'. You will see the following files:
credit.asp; inc_emaildetails.asp; paymentpage_help.htm; readme.txt and
a directory of images.
The
file 'credit.asp' is the active ASP file and the shopping cart should
be configured through the Admin area to point to that file. The file 'inc_emaildetails.asp
supports the active file and should be edited to configure the email system
(see below).
The file 'paymentpage_help.htm' contains information for the shopper related
to the security code shown on the majority of credit/debit cards.
The file 'readme.txt' is a copy of this configuration information.
Editing 'inc_emaildetails.asp'
This
file should be edited to reflect your requirements. The important bit
is the choice of Email Component. Check with your hosting company as to
which they support and recommend. Then 'uncomment' the appropriate component.
i.e. the 'comment' character (') should be removed from the line. The
default is CDONTS which does not require a SMTP server. However, the others
do, and an appropriate SMPT server should be included. The line - SMPTServer=""
= should be edited to reflect the name of the SMPT server used and should
then be 'uncommented' i.e. the 'comment' character (') should be removed
from the line.
Remember
Using your own server to collect credit/debit card details has it's responsibilities. You are required to keep the customer's data secure and confidential. You must abide by the appropriate laws and regulations including the Data Protection Act.
It may simply be better and easier to use a third party to collect your money if the shopper wants to use credit or debit cards.
Using your own script
The following information is only for those who wish to use their own script.
When the script is called from the shopping cart, the following fields and parameters are sent.
Step
- this will have the value "GetDetails"
InvoiceRef - this will contain the invoice reference from the shopping
cart.
InvoiceTotal
- this will contain the value of the goods to be purchased. (without the
currency symbol)
email - this will contain the shoppers email address