PCI Compliant FormMail

[George]

I am currently using NOF (11) FormHandler to have users send an email with
sign-up information (name, address, etc.). I need to add credit card
information but want the transmission to be PCI compliant. We do not want
to store any customer information on the host server, we just have it sent
via e-mail.

Are there any FormMail scripts that are easy to set up and still PCI
compliant?

Thanks... GEORGE

[Technology Ideas]

http://www.tectite.com/ - costs USD$95

[George]

Andrew - thanks for the response. I took a look at tectite and indeed they
do have an encrypted FormMail... however, they appear based in Australia and
make no mention of being PCI compliant.

Since we are based in the U.S.A., I need an encrypted FormMail that is PCI
compliant with the US laws.

Any other ideas?

Thanks... GEORGE


"Technology Ideas" <Technology.Ideas.4eybuo@no-mx.forums.netobjects.com>
wrote in message news:Technology.Ideas.4eybuo@no-mx.forums.netobjects.com...
>
> http://www.tectite.com/ - costs USD$95
>
>
>
> Regards,
> Andrew Baker | http://www.technologyideas.com.au
> Australia

[Franklyn Halamka]

Are you wanting this so folks can send you CC info? if so, you'll not be able to find one. There are several issues and laws with sending CC info in an email. 1st reason is its ability to be intercepted and then decrypted. There are several others also.

So, what are you trying to accomplish?

[George]

Thanks, Franklyn, for your response... but you may have answered my
question - althought I thought that some of the encription capabities (eg.
PGP) were PCI compliant - but maybe not.

Yes, my client wants to have web site visitors send credit card information.
But I won't set up the formmail unless I can find something that is PCI
compliant.

The obvious choice, a secure shopping cart, won't work because the credit
card information needs to be entered into a specific third-party
subscription-based billing software (which is PCI compliant) - but we need
to capture the information in the first place --- and in this situation,
phone confirmation is awkward.

This can't be that unique of a situation... there must be some secure
solution. Any ideas?

Thanks... GEORGE


"Franklyn Halamka" <Franklyn.Halamka.4ezx4b@no-mx.forums.netobjects.com>
wrote in message news:Franklyn.Halamka.4ezx4b@no-mx.forums.netobjects.com...
>
> Are you wanting this so folks can send you CC info? if so, you'll not be
> able to find one. There are several issues and laws with sending CC info
> in an email. 1st reason is its ability to be intercepted and then
> decrypted. There are several others also.
>
> So, what are you trying to accomplish?
>
>

[Franklyn Halamka]

Many third party CC processors have an API that you can use to interface with their systems. Create a SSL page to capture the initial data and when the user clicks on submit it then gets passed to the API and on to the 3rd party site. PayPal uses this, Bluepay, Authorize.net etc. If nothing else, see if the 3rd party has a virtual terminal that can be implemented via redirection etc.