Web Hosting Talk

View Full Version : Storing Credit Cards Security


zolok
12-20-2005, 05:11 AM
Hi Everyone,

I have looked all week to try to find a solution for my online business venture. I am looking for a shopping cart solution that will store 20,000+ products and also allow for recurring payment on other products.

The ones I've found either didn't meet my needs or were too expensive for me. I looked into 1ShoppingCart, which I liked, but it only offered a 10,000-product maximum listing, and Nexternal was a bit too expensive for me.

After not being able to find a suitable solution, I am looking into having someone from India design a website and shopping cart for me. If I do go this route, what security measures do I have to have in place? I will need to store credit card information, because I will need to use monthly recurring payments for my venture.

Any advice, help, comments on this would be much appreciated.

Thank you!!!
Zol

Oceanworld
12-20-2005, 07:19 AM
If you need to store credit card info then you'll need SSL for encryption. And to have SSL you need a dedicated IP.

bear
12-20-2005, 07:51 AM
If you need to store credit card info then you'll need SSL for encryption. And to have SSL you need a dedicated IP.
SSL only encrypts the traffic between the user and the server; the information that gets stored is not encrypted at all.

The Prohacker
12-20-2005, 10:46 AM
SSL only encrypts the traffic between the user and the server; the information that gets stored is not encrypted at all.


I'm sure Oceanworld was talking about SSL for web traffic, but you can also use SSL for encrypting the actual data collected, using a public/private key pair so that the data can only be decrypted by the server that's doing the actual charge to a service like authorize.net.
http://us2.php.net/openssl

-Mat

Oceanworld
12-20-2005, 11:40 AM
I'm sure Oceanworld was talking about SSL for web traffic, but you can also use SSL for encrypting the actual data collected, using a public/private key pair so that the data can only be decrypted by the server that's doing the actual charge to a service like authorize.net.
http://us2.php.net/openssl

-Mat

Yes I was :) . And it's important too as most buyers will look for the SSL padlock when they buy with credit cards.

bear
12-20-2005, 11:56 AM
Thanks, Mat. I wasn't aware it could be used in that way as well. Good to know.

cdgcommerce
12-21-2005, 01:37 AM
Hi Zol,

You will also want to make sure to check out and follow the Visa CISP/PCI guidelines. Here is a link to the page that covers those details:
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html

If you can avoid storing credit card data, by all means do so, as it represents a potentially major liability for your business in the event that your data is compromised.

There have already been some major incidents this year, with a SAMS CLUB security breach being the latest one. So if you can't utilize a PCI-certified gateway to store any recurring credit card data, then you'll want to make sure all aspects of your e-commerce solution are protected, from the physical/network side down to the o/s, application software and everything else.

Best of luck with implementing your system!

Corey Bryant
12-21-2005, 01:38 PM
Consider using an electronic payment gateway that supports recurring billing. Otherwise, you can run into some very big problems if / when hacked.

gearworx
12-24-2005, 05:11 AM
For those of you that need to understand the CISP rules: http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Data_Security_Standard.pdf

Section 3.2 article 3.2.2: Do not store the card-validation code (Three-digit or four-digit value printed on the front or back of a payment card (e.g., CVV2 and CVC2 data)).

Make sure that you read that guide carefully. It gives you a good list of do's and don'ts.
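Mat's public/private key approach and gearworx's point about never storing the card-validation code, as one added example (not code posted by anyone in this thread), written against the PHP openssl extension linked above: the web server holds only the public key and can seal a record, while the billing host alone holds the private key and can open it. Key generation is shown inline purely so the example runs stand-alone; in practice it happens once, offline, on the billing host.

```php
<?php
// One-time key pair generation (billing host). The private key never leaves it;
// only the public PEM is deployed to the web server.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);             // billing host only
$publicPem = openssl_pkey_get_details($pair)['key'];  // copy to the web server

// Web server side: seal PAN and expiry after the gateway authorizes the first charge.
// The CVV is deliberately not a parameter: it is never written anywhere (PCI DSS 3.2.2).
function sealCardRecord(string $publicPem, string $pan, string $expiry): array
{
    $dataKey = random_bytes(32);                       // fresh AES-256 key per record
    $iv      = random_bytes(12);                       // 96-bit GCM nonce
    $plain   = json_encode(['pan' => $pan, 'exp' => $expiry]);
    // AES-256-GCM gives confidentiality plus an authentication tag over the record.
    $cipher  = openssl_encrypt($plain, 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $iv, $tag);
    // Wrap the data key with RSA-OAEP; only the matching private key can unwrap it.
    openssl_public_encrypt($dataKey, $wrappedKey, $publicPem, OPENSSL_PKCS1_OAEP_PADDING);
    return [
        'wrapped_key' => base64_encode($wrappedKey),
        'iv'          => base64_encode($iv),
        'tag'         => base64_encode($tag),
        'ciphertext'  => base64_encode($cipher),
    ];
}

// Billing host side: unwrap and decrypt only when a recurring charge is due.
// Returns null if the key cannot be unwrapped or the GCM tag check fails (tampered record).
function openCardRecord(string $privatePem, array $rec): ?array
{
    if (!openssl_private_decrypt(base64_decode($rec['wrapped_key']), $dataKey, $privatePem,
                                 OPENSSL_PKCS1_OAEP_PADDING)) {
        return null;
    }
    $plain = openssl_decrypt(base64_decode($rec['ciphertext']), 'aes-256-gcm', $dataKey,
                             OPENSSL_RAW_DATA, base64_decode($rec['iv']), base64_decode($rec['tag']));
    return $plain === false ? null : json_decode($plain, true);
}

// Constructed sample values (the well-known test PAN), not real card data.
$record = sealCardRecord($publicPem, '4111111111111111', '12/2027');
$card   = openCardRecord($privatePem, $record);
assert($card !== null && $card['pan'] === '4111111111111111' && $card['exp'] === '12/2027');

// Flipping one ciphertext byte must fail the tag check rather than yield garbage.
$tampered = $record;
$tampered['ciphertext'] = base64_encode(base64_decode($record['ciphertext']) ^ "\x01");
assert(openCardRecord($privatePem, $tampered) === null);
```

The stored row holds only the four base64 fields; a copy of the database without the billing host's private key is useless to whoever takes it.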

LisaGrimmer
12-26-2005, 06:30 AM
SSL only encrypts the traffic between the user and the server; the information that gets stored is not encrypted at all

wbpro
12-26-2005, 11:27 AM
Like others said, try not to store the credit card information if possible. But if it is necessary because of the recurring billing, then make sure you encrypt the credit card info in the database.

There are many gateways that offer recurring billing; it is way safer for you, however it is not too good when you need to give customers access to see all charges or payment history.

If you need to go with someone in India, make sure you get a company that has a good reputation and pay a fair price; you may find people telling you that they will do the job for $50 bucks and then just take the money and disappear.

I would do an escrow payment. Search on Rentacoder.com and scriptlance.com; I'm sure you will find someone reliable to help you there.


SSL only encrypts the traffic between the user and the server; the information that gets stored is not encrypted at all