I am planning to sell webhosting plans along with other products on my website. Credit card payments will be processed using PayPal. Now, the problem is this: PayPal and the shopping cart they provide are too dumb to distinguish between a one-time purchase and payments that will be debited on a monthly basis for the actual webhosting. It is possible, but my clients will have to use two different shopping cart: one for the one-time purchase and one for the subscription for my hosting services.

In order to avoid this, I would like to have the orders emailed to me instead, and then fill them out online manually at PayPal using my client's personal and credit card information. Since I am not planning to have lots of clients for the beginning, I figure it wouldn't be a problem for the time being. I was just wondering however, whether PayPal would allow me to make payments on my clients' behalf? Is it ok to subscribe them using their own credit card information? Also, is it ok to keep their credit card information on my database?

Any input would be much appreciated.

Thanks in advance.

Having your client's address, name & credit card sent to you via email is a very, very insecure thing and a HUGE liability for you.

Assuming you take the risk (and it's a big & bad risk) paypal and the client's card issuers would probably not be happy if you put the orders through yourself. Paypal will probably notice the ips in relaiton to numerous cards and different addresses and flag it as a fraud attempt.

In teh end, it seems like a bad method all around... bad security, bad risk and probably wont be accepted by paypal.

I am going to have to agree with TedS..... this doesnt sound like a good idea at all.

Originally posted by TedS
Having your client's address, name & credit card sent to you via email is a very, very insecure thing and a HUGE liability for you.

Obviously all the information that the client would submit to me would be handled using 128-bit SSL server. Once received, I would set up an account for my client on PayPal manually. I don't see any security infraction here, except that my clients would have to trust me with all their credit card information.

Originally posted by Higgenkreuz


Obviously all the information that the client would submit to me would be handled using 128-bit SSL server. Once received, I would set up an account for my client on PayPal manually. I don't see any security infraction here, except that my clients would have to trust me with all their credit card information.

But email is just plain text.... Besides I don't think PayPal allows you to enter your customer's information... Its a fraud risk...

But email is just plain text.... Besides I don't think PayPal allows you to enter your customer's information... Its a fraud risk...


The ProHacker knows his stuff..=)

As the others have already said, PayPal isn't going to let you enter customers information for them, it's just not something they would allow, and once they found out it was happening, they would surely cut your account. I use PayPal for all my eBay auctions, that's about it, but for general items from my site and in person, a real merchant account is the best way to go. If you don't want to go with a real merchant account, there's always the 3rd party types that are also available.

Best of luck,

David

Genaldi Co.

PayPal will not allow that and will cut you off and freeze your funds if they catch you. No one allows that as far as I know.

If you need a paypal routine for subscription signup let me know and I will show you how we do it.

PM me and I will show youwhat we do and tell you how to get the script etc.

Monte

Paypal requires that the user enter their information. They would shut your account with them down, if they found you were entering this information on their behalf.

If you are looking for an inexpensive way to process credit cards with our the commitment of a merchant account, look into ProPay.

They allow you to enter the credit card info directly, the down side is you can't setup recurring payments. You will have to use a third party billing tool to do the recurring payments. They also do batch payments which are supported by these same third party tools.

Thanks
Kevin

Originally posted by Higgenkreuz


Obviously all the information that the client would submit to me would be handled using 128-bit SSL server. Once received, I would set up an account for my client on PayPal manually. I don't see any security infraction here, except that my clients would have to trust me with all their credit card information.

Yes the info may be secure on a page from the customer to your web page via a form with SSL, but the second they hit the submit button that info is shot across the net via email, which is not secure.

Why can't you just use PayPal and sell webhosting as a separate product. Sort of like Microsoft's windowsupdate, where DirectX requires installation by itself, and requires you to go back through the windowsupdate site to install other updates at a later time :).

Originally posted by Higgenkreuz


Obviously all the information that the client would submit to me would be handled using 128-bit SSL server. Once received, I would set up an account for my client on PayPal manually. I don't see any security infraction here, except that my clients would have to trust me with all their credit card information.

I also forgot to mention, if you are not a merchant you should not be gathering people's credit card infomation.

I believe credit card companies have rules about this.

Hi,

We would quickly restrict the account of any user we found to be opening accounts for their customers. There is a huge risk factor (to your customer and our company) here. Having these details sent across email is not perfectly secure, so I would advise NO party on the internet to send credit card details via email.

Hi Higgenkreuz,

I am a little confused as to what the issues are here.

-Recurring charges can be done through our subscription product
-A single purchase could be done with the shopping cart,etc.

I do know that some web hosts do the following:

1. Send the party a money request for the set-up fees,etc.
2. They then establish subscriptions for users that are billed on a monthly basis.

Please feel free to provide a little detail on what you are looking at.

Yes the info may be secure on a page from the customer to your web page via a form with SSL, but the second they hit the submit button that info is shot across the net via email, which is not secure.

I'm a newbie about this subject at the moment, but...

because this form is using SSL, wouldn't this email contain only 128-bit encrypted information which would be nearly impossible to decode without the proper decode key?

i am also assuming (i may be wrong here though) that if the SSL info was sent conventionally without being included in the email, it would still access similar if not same common network points across the globe just as if an email containing the same encrypted data was sent.

i'm a bit lost on this one guys... anyone knowledgable enough to remove my newbie confusion ?

Originally posted by paypaldamon
Hi,

Hi Higgenkreuz,

I am a little confused as to what the issues are here.

-Recurring charges can be done through our subscription product
-A single purchase could be done with the shopping cart,etc.

I do know that some web hosts do the following:

1. Send the party a money request for the set-up fees,etc.
2. They then establish subscriptions for users that are billed on a monthly basis.

Please feel free to provide a little detail on what you are looking at.

Ok, what I want is something like this: users would be able to pick and choose the products and services on one single form, regardless whether it is a recurring payment or not. Upon clicking on the submit button, the information would be passed along to PayPal for further processing (credit card and personal information, etc.

Here is roughly the idea:
====================================
Item #1 - $20.00 (onetime payment) [ ]
Item #2 - $35.00 (onetime payment) [x]
Item #1 - $20.00 (onetime payment) [ ]
Webhosting $9.99 (recurring payment) [x]

[CLEAR] [SUBMIT]
====================================

Thank in advance for the help.

Originally posted by Chang Lee


I'm a newbie about this subject at the moment, but...

because this form is using SSL, wouldn't this email contain only 128-bit encrypted information which would be nearly impossible to decode without the proper decode key?

i am also assuming (i may be wrong here though) that if the SSL info was sent conventionally without being included in the email, it would still access similar if not same common network points across the globe just as if an email containing the same encrypted data was sent.

i'm a bit lost on this one guys... anyone knowledgable enough to remove my newbie confusion ?


/ secure / not secure
customer --> server ----> ---- email -------------> you

It is only secure from the customer to the server, the second the server receives the data and emails it, it is sent UNsecure.

All SSL does is create a secure connection from the user to the server, the data itself is not encrypted.

Prevo is 100% correct. I would strongly advise you avoid this route. My site is soon transitioning from paypal to 2checkout - it might be easier to mow a lawn or two to get the $49 one time fee and do it that way....just my suggestion :D

As far as sending an encrypted email - what about PGP (pretty good privacy I believe) at:
http://web.mit.edu/network/pgp.html

I wonder how propay can offer the call in feature if it's frowned on by credit card co's - like the customer calls me - I take down his cc info and submit it to a 3rd party?

Originally posted by Jim777
As far as sending an encrypted email - what about PGP (pretty good privacy I believe) at:
http://web.mit.edu/network/pgp.html

I wonder how propay can offer the call in feature if it's frowned on by credit card co's - like the customer calls me - I take down his cc info and submit it to a 3rd party?

As far as I know you are not suppose to handle any customer credit card data unless you are a merchant, I believe this is a rule by most credit card companies.

I will have to do more research.

Just as if you are not a merchant you are not allowed to have credit logos on your site.

Originally posted by Higgenkreuz
... the problem is this: PayPal and the shopping cart they provide are too dumb to distinguish between a one-time purchase and payments that will be debited on a monthly basis for the actual webhosting....

Paypal actually has a very easy to use subscription system. True it does not show as a shopping cart item, but with the clever use of your return page you could direct customers to your shopping cart page for upsales.

However, once your'e business has earned enough to justify a merchant account you should definitely move to that.

Jamison

Well, I do see your point. PayPal is more a mom and pope establishment and I see the point of avoiding them but one point that hasn't yet been made.

Visa, MasterCard is actually government by federal regulations.

One of these regulations makes it illegal for anyone without an authorized merchant account to acquire credit card numbers.

I don't know if there is criminal issues related to it but at the very least, you would face a heavy civil penalty.

If acquiring a merchant account is to expensive, you might find it does help just in the fact that you can dramatically increase your orders ratio.

If there is an issue of credit, many times merchant banks will work with you if you have bad credit by holding back some of the initial funding.

If you are blacklisted, there is very little you can do in the United States but you might consider WorldPay.