I am looking for some ideas to help me implement a solution for a client of mine. I have setup a very small store (custom coded) that allows users to add items to a cart and then goto a checkout. My client wants to gather their information, including credit card number at this point. However, they do not want to do online credit card processing. Thier initial suggestion was to have the users fill out the form (SSL), including their credit card number, and submit it - and the form data will be emailed to them and they can process the credit card manually at their store.

My main concern with this is: I don't necessarily want to send Credit Card information via an email based form -even if it is using SSL. Does anyone have any thoughts or suggestions for other options? I am using ASP VBScript.

Thanks!

I've run into situations like this with previous clients. Here's what I always suggest to them and now to you...

When an order is placed collect the credit card info into the database...then have the shopping cart app email your client with a notification that says "A new order has been submitted, click HERE to view the order" where the 'HERE' is a hyperlink to the back-end of your app (assuming there is a back-end). The email contains absolutley no information about their customer...just a variable indicating the new order's unique identifier (www.gizmos.com/_administration/orders.asp?order_id=12345). When your client follows the link and logs into the site's back-end, they are presented with the new order information including credit card info.

Hope this helps...

Thanks for the input - I like the idea, however, I do have 1 question... what do you do with the credit card data in the database? Do you store it forever? Or does it get deleted after the client has processed the order? Did you create an automatic function to delete the CC information?

For obvious security reasons, I would prefer not to keep the CC information stored for an extended period of time in the database.

Thoughts...

A couple of possibilities...

1. The customer creates a user account and stores their credit card info in their user profile. This is especially good if the site gets a lot of repeat buyers. They log in to check out and voila, their credit card info is automatically populated. Good for lazy shoppers like me...bad for those who believe that everyone online is out to get their credit card info.

2. In the back-end allow the person processing the order to mark said order as "completed". At the same time the order status is updated in the db you could wipe the credit card info (or ALL customer info, for that matter) and leave just the order info necessary to run reports in the future or what-have-you.

Hope this helps...