Web Hosting Talk

View Full Version : Receiving Client Information Securely


jetway
04-17-2005, 04:56 PM
I'm a little concerned about receiving my client's personal information when they sign up for my service. I obviously want to receive all of their information to have on file, including their credit info so I can recurringly bill them. I am signing up for SSL and Processing Service with Verisign. Is there any specific way to set up a way to receive the info? I know that using a form isn't secure, right?

touol
04-17-2005, 05:49 PM
You may store credit cards on your server. SSL forms to accept credit cards are OK.
But if you store CC info on your servers for recurring billing, then you must be CISP certified.
Check with Verisign if they can make it recurring based on a previous transaction.
In this case Verisign will be in charge of keeping customer details in a safe place.

Corey Bryant
04-17-2005, 05:55 PM
Also how are you receiving it? If you are getting it thru just email - that is not secure unless you are using an encryption method.

An SSL only secures the information between the browser & the server. Once it hits the server, it is no longer secure (if you are storing it there).

jetway
04-17-2005, 05:55 PM
Yes, Verisign does offer a billing manager type system to store the information and recurringly bill people, go in and manually bill them etc. However, I keep reading in forums how much people like PayPal, but if I were to use PP I would want some way for the information to get to me so I can store it on a separate box only used for that.


And you say that if I have a form that's for example https://mydomain.com/myorderform.php and someone submits it, that's safe? Because I thought I heard otherwise. I just want to make sure we mean the same thing.

jetway
04-17-2005, 05:58 PM
Thanks Corey, that's what I thought, and that's my question: what method I should use to receive the information.

Corey Bryant
04-17-2005, 06:00 PM
There are some methods out there that can be used to encrypt email depending on the language that you are using. But Verisign also has a recurring billing feature as well (for a fee) that might even be more helpful & easier.

jetway
04-17-2005, 06:02 PM
Yeah, I think that's what we're going to go with, but I wanted to see if there were any other options because of the high price of Verisign. Thanks again.

Corey Bryant
04-17-2005, 06:03 PM
BTW if you were wanting PHP - you might consider PGP as well and check out: Encrypt and email credit card orders with PHP & GPG (http://www.tiraen.com/dave/php_gpg_howto.html)

jetway
04-17-2005, 06:06 PM
Thanks a lot Corey for that link, it's a big help.

Corey Bryant
04-17-2005, 06:07 PM
Anytime - good luck with it! :)