[Techtalk] e-commerce
James
jas at spamcop.net
Fri Sep 6 14:00:24 EST 2002

On Fri, 6 Sep 2002, Dan Richter wrote:
> I work for a small company that's looking to add online payments to
> traditional payment methods. We're looking at a handful of online payments
> a month; no more. (But they're big payments from far away, so it's worth it.)
>
> This area is completely new to me. Is there anyone out there who has
> experience with e-commerce and can tell me what I need to know?
>
> A question in particular: normally you would have an online system to enter
> the credit card information, and another system that actually performs the
> transfer of funds - usually through a middle-man. Can we do the transfer
> part through the mail, so as to avoid going through a middle-man?

There are two key elements: a way to get the credit card details from the
client to you safely/securely, and a way for you to use them. For the
latter, you need to talk to a bank. In the UK, you can get a credit card
terminal which allows you to enter a CC number and amount, just by typing
the details in (a "Cardholder Not Present" transaction in bank-speak). It
sounds to me as if you already have credit card support - in which case,
just check with your bank about this.

For the former, the obvious need is for a secure WWW server - Apache can
do this bit - and then some secure way to transfer the information. If you
have a leased line or suitable DSL link, you could run this WWW server on
a machine in your office, then have transactions logged directly to (for
example) a dot-matrix printer as they happen. This way, anyone breaking in
CANNOT retrieve customer credit card information - at worst, they could
"Trojan" the server to send any subsequent transactions to them.

Be careful to log everything you can - you will almost certainly get
transactions being queried, and it's much more convincing to tell the
bank "Yes, that order was received from adsl-235-213.swbell.net at
11:23:04 on Sept 2nd" and have a secure log to prove it...

Once the order is received, enter the details manually (not viable for an
Amazon-type operation, but it seems suitable for your situation?) and
email the results to the customer. Having a human being in this stage
should also reduce the chances of you processing transactions for
customers called "H Acker" (email root at localhost, phone 911) or similar ;)

James.