Secure Page?


Illufox
04-15-2005, 06:38 PM
My client asked me if I'm able to set up a secure page where customers can fill out their payment information which then will be sent via email to my client who has a merchant account. I suggested Paypal but she is hesitant to use it due to bad feedback.

I was wondering if there's a way to set this up in PHP. No shopping cart system, just a form that's secure, I assume with encryption behind it and with the data being sent via email.

Any help is greatly appreciated.

Stephen Philbin
04-15-2005, 08:56 PM
To make the connection safe then you'd definitely need to encrypt the connection (i.e. address starting https://). That'll make sure the customer's details are safe during transmission and is nice n' easy to set up. In fact the host will probably set it all up provided it's in the hosting package your client has purchased or can pay extra to get it. The problem you might still have though is the second outbound connection. The customer's browser will pretty much be guaranteed to be able to handle a TLS or SSL connection inbound to the server without even having to touch any options. But the outbound connection from the http server to the mail server will be less easy. The mail server will probably have to be configured to accept an encrypted connection from the http server and then after that, the mail server would also have to be "locked down" to ensure that the data is safe once it arrives there for storage. Processing the data from mails could also prove to be a nightmare if any significant number of orders is received.

Personally I'd send the data for storage to a database. That way it can easily be processed by other scripts and would probably be much easier to secure. Sending the data to a database where only one specific user account has access to it springs to mind immediately.

I've not dealt with or implemented anything like you're trying to do yet (purchases etc) so I may well be way off the mark in a good self built alternative to Paypal, but the method I suggested would be my first line of investigation.


EDIT:

Oh I almost forgot too. Don't forget that proper data processing is still of utmost importance. An encrypted connection will guard against malicious attackers detecting the information sent by an innocent user, but it will do nothing to guard the system you build from malicious attackers using your system against itself.

abectech
04-16-2005, 08:29 AM
I agree with Mr. Herer… DO NOT send the credit card information through email, email is not secure. Accept the credit card via a secure connection and store it in a database that has limited users. If it is necessary to pull the information for the client to see, create a secure, password-protected admin. I have created a couple of similar systems for non-profit organizations who only get a few donations and do not want to go through the hassle of setting up online payment processing nor do they want to lose such a percentage of their donations.

In both instances, when a payment is input it dispatches an email to the site owner letting them know they have a new payment. Then they log in to a secure (https) admin area where the information is available to them. Once they’ve run the credit card they can click a process button which removes the credit card number from the database while leaving the client information for later contact. In case a malicious hacker does gain access, this will limit the damage; the hacker will not have access to past accounts. Also, I don’t know if it’s possible in your instance but I limited access to the processing area by IP address to further limit who can reach the admin section for added security.
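
The workflow described in the post above, as an added example that is not part of the original post or the poster's own code: the notification e-mail carries no card data, the admin area is restricted by IP address, and the "process" step wipes the card number while keeping the contact details. The table layout, function names, allow-listed addresses and sample record are all constructed for illustration, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list of addresses permitted to reach the admin area.
const ADMIN_IPS = ['203.0.113.10', '203.0.113.11'];

function admin_ip_allowed(string $remoteAddr): bool
{
    // Compare the socket peer address (REMOTE_ADDR), never a client-supplied header.
    return in_array($remoteAddr, ADMIN_IPS, true);
}

function store_payment(PDO $db, string $name, string $email, string $card): int
{
    $stmt = $db->prepare('INSERT INTO payments (name, email, card_number) VALUES (?, ?, ?)');
    $stmt->execute([$name, $email, $card]);
    return (int) $db->lastInsertId();
}

function notification_body(int $id): string
{
    // The e-mail only announces the payment; no card data leaves the server.
    return "New payment #$id received. Log in to the HTTPS admin area to process it.";
}

function mark_processed(PDO $db, int $id): bool
{
    // Wipe the card number once it has been charged; keep name and e-mail.
    $stmt = $db->prepare(
        'UPDATE payments SET card_number = NULL, processed_at = CURRENT_TIMESTAMP
          WHERE id = ? AND card_number IS NOT NULL'
    );
    $stmt->execute([$id]);
    return $stmt->rowCount() === 1;
}

// Demo on an in-memory SQLite database with a constructed sample record.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE payments (id INTEGER PRIMARY KEY, name TEXT, email TEXT,
           card_number TEXT, processed_at TEXT)');

$id = store_payment($db, 'Jane Donor', 'jane@example.org', '4111111111111111');
echo notification_body($id), "\n";

if (admin_ip_allowed('203.0.113.10')) {     // in a real page: $_SERVER['REMOTE_ADDR']
    var_dump(mark_processed($db, $id));     // wipes the stored number
    var_dump(mark_processed($db, $id));     // nothing left to wipe
}
print_r($db->query('SELECT * FROM payments')->fetch(PDO::FETCH_ASSOC));
```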

bokeh
04-16-2005, 09:00 AM
Hi! All this is not as easy as it sounds. First the server needs to accept SSL connections. Most ISPs charge a fortune for this but you can do it yourself if you have access to the server or you are hosting it locally. Next you need to make a certificate and key. These are specific to only one domain or subdomain and will give an error if used with anything else. Once made, these have to be sent to a company who will endorse the certificates (Verisign for example). This costs a fortune too. Some ISPs allow sharing of SSL servers but again this costs a lot of money as they know sites using SSL make lots of money. If you share an SSL server the domain name will not be your own, which does not look professional.

If you are hosting locally a very easy to set up SSL server is TinySSL (http://www.ritlabs.com/en/products/tinyweb/tinyssl.php) but this can only be used with html or perl. Not php!

Regarding the email output, the info can be sent by this means; it just needs encrypting.

abectech
04-16-2005, 11:08 AM
SSL doesn’t have to be that expensive. I have set up SSL Certificates with many hosting companies and usually you can get the whole process done for $150-$300, although using Verisign you may be looking at more. I generally use Comodo for my SSLs.

I also disagree with sending credit card numbers through email. Even if you were to “encrypt” them for transfer, at some point, to run them, they would need to be unencrypted. At this point the credit card will be available to anyone who intercepts an email and can unencrypt them. Also, if the user stores those emails in a program like Outlook there are numerous methods by which malicious users/hackers could gain access to the data. Access could be gained by a hacker or a disgruntled employee out to pocket a few dollars.

When you’re working with credit cards the most important job is your customer's security. It is important that their information is protected. If you’re going to let the credit card numbers sit in someone’s inbox then you’re not protecting the customer.

bokeh
04-16-2005, 02:45 PM
Hi. I bought one today through freessl.com (http://www.freessl.com), 86 USA dollars for 2 years, but the point I was making is you need your own server for that.

gaston9x19
04-16-2005, 08:29 PM
Isn't there some way you could "endorse" your certificate yourself? Say you just want to send a username and password over a secure link for a client login, there's nothing too critical at stake, but you don't want to send unencrypted data. Is it possible to initiate a secure connection with a certificate and a public key without paying some big company to set it up?

Even if it's not possible with paid hosting, can it be done if you run your own webserver?

bokeh
04-17-2005, 06:11 AM
Isn't there some way you could "endorse" your certificate yourself? Yeah! It is possible, in fact easy. You just make your own key and certificate yourself which will give you exactly the same encryption as a signed certificate but it will warn the viewer when accessing the page that the certificate is unsigned. Also the way it warns the user, i.e. this certificate could be dodgy, may be a fraudster etc. (the warning depends on the browser), is enough to send your average person into a paranoid deluded fantasy and hence not use the site. The purpose of a signed certificate is twofold: one, it inspires confidence in the viewer (especially if it comes from one of the two 'big' issuers); and two, if the encryption is cracked, the issuing company pledges to pay compensation to the person whose data was stolen up to an amount agreed when purchasing the certificate.
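
What "making your own key and certificate" looks like with PHP's OpenSSL extension, as an added example that is not part of the original post: the certificate names itself as its own issuer and its signature checks only against its own key, so no third party vouches for it, which is what the browser warning reports. The function names and host names are hypothetical, and PHP 7.4 or later with the openssl extension is assumed.

```php
<?php
declare(strict_types=1);

// Create a key pair and a certificate signed with that same key (self-signed).
function make_self_signed(string $commonName, int $days = 365): array
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ]);
    if ($key === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }
    $csr = openssl_csr_new(['commonName' => $commonName], $key, ['digest_alg' => 'sha256']);
    if ($csr === false) {
        throw new RuntimeException('CSR creation failed: ' . openssl_error_string());
    }
    // Passing null as the CA certificate makes the request sign itself.
    $cert = openssl_csr_sign($csr, null, $key, $days, ['digest_alg' => 'sha256']);
    if ($cert === false) {
        throw new RuntimeException('Signing failed: ' . openssl_error_string());
    }
    // Return the certificate and the public key in PEM form.
    return [$cert, openssl_pkey_get_details($key)['key']];
}

// Summarise who issued the certificate and whether a given key signed it.
function describe_cert($cert, string $publicKeyPem): array
{
    $info = openssl_x509_parse($cert);
    return [
        'subject'       => $info['subject']['CN'],
        'issuer'        => $info['issuer']['CN'],
        'self_signed'   => $info['subject'] == $info['issuer'],
        'signed_by_key' => openssl_x509_verify($cert, $publicKeyPem) === 1,
        'expires'       => gmdate('Y-m-d', $info['validTo_time_t']),
    ];
}

[$cert, $ownKey] = make_self_signed('shop.example.test');
[, $otherKey]    = make_self_signed('other.example.test');

print_r(describe_cert($cert, $ownKey));    // checked against its own public key
print_r(describe_cert($cert, $otherKey));  // checked against an unrelated key
```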

gaston9x19
04-17-2005, 04:54 PM
I see, that's why I see that warning when logging into cPanel with some hosting providers. :) Well, I have cPanel-generated certificate and public key text files... what do I do with them, how would I go about initiating a secure connection? Even if I only use it myself, since I'd know what the warning means, I have no idea how to set it up, and can't seem to find very much online about how to get started with SSL-protected connections.

Illufox
04-18-2005, 07:58 PM
Thanks everybody for your feedback. This is exactly what I was expecting to hear. I just wanted to rule out that there is a simple and secure process before I decline this assignment. I will use bits and pieces from each answer to send to the client.

No wonder so many people use Paypal! Just too bad my client doesn't believe in it.....

Thanks again!

abectech
04-18-2005, 08:04 PM
I wouldn't decline the project, it isn't that difficult or expensive. I have done it a couple of times and it's pretty easy. We’re all here to help you through it.