November 19, 2012 at 4:13 pm #745
I have a client that needs to do the following:
1. Collect basic info from people
2. Collect their Social Security Number
3. Accept Credit Cards.
Obviously I need SSL, but what program would you recommend to do this? I have Gravity Forms, but I was told it is not very secure because it stores the data in WordPress. I have Cart66, but I don't think I can add a field for SSN or the other fields needed.
Thanks.
November 19, 2012 at 5:48 pm #765
Um, I don't know of any system that does that. I would never fill that in with a WordPress-based form. If you want to collect that kind of info you need a ton of security, split your information into two secured and encrypted databases so if one does get lifted the info is useless.
Seriously not something you want to get into without a lot more experience in securing data. You will get hacked and you will get sued. Look at the PlayStation Network and other big systems out there that have been hacked, and they weren't even collecting SSN+CC. Do that and every identity thief will be all over you.
November 19, 2012 at 5:49 pm #766
netviper (Participant)
November 19, 2012 at 6:37 pm #772
It is more than just securing the data. When you collect details like that you need everything secured. SSL to ensure the data between the form and your server or the third party server is secured. The server itself needs to be secured. Do you want to trust the third party public system to secure your data? Any system that could ever access the data needs to have extremely high security. A single virus or trojan can cost you big.
I mean really big. When you collect this data you are responsible for it. If it gets out (and it will unless you are crazy good; this stuff gets taken from secure servers on a scarily regular basis, and it is most often collected because some computer with access got hacked, not the secure server) then you are liable for damages. Lawsuits on this kind of stuff have cost millions lately.
Personally I refuse to do any project that looks to collect this kind of data. When I do Credit Card Processing I try to convert that to a purchase ID with the gateway without recording the credit card number ever. I don't want anything to do with keeping data like this. There are third party agencies that can process the data and send me the info I need so I don't ever have to touch the personal information.
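The split-storage idea from the first reply above (two separate databases, so that one stolen copy is useless on its own), as an added example that is not part of any post in this thread. It uses a two-share XOR split, which is one way to get that property and not necessarily what the poster had in mind; the in-memory dictionaries stand in for two separately hosted databases, and all function names are hypothetical.

```python
import secrets

# Constructed stand-ins for two databases on different servers with
# different credentials (assumption made for this example).
db_a = {}
db_b = {}


def split_secret(value):
    """Split value into two shares; each share alone is uniformly random."""
    data = value.encode("utf-8")
    pad = secrets.token_bytes(len(data))  # fresh random pad, never reused
    masked = bytes(d ^ p for d, p in zip(data, pad))
    return pad, masked


def join_secret(share_a, share_b):
    """Recombine the two shares; both are required."""
    if len(share_a) != len(share_b):
        raise ValueError("shares do not belong together")
    return bytes(a ^ b for a, b in zip(share_a, share_b)).decode("utf-8")


def store(value):
    """Write one share to each database under a random record id."""
    record_id = secrets.token_hex(16)
    db_a[record_id], db_b[record_id] = split_secret(value)
    return record_id


def load(record_id):
    """Read both shares back and rebuild the original value."""
    return join_secret(db_a[record_id], db_b[record_id])


def consistent_share(stolen, guess):
    """Return the other share that would make `guess` the stored value.

    One exists for every same-length guess, so a single stolen database
    does not narrow down what the real value is.
    """
    return bytes(s ^ g for s, g in zip(stolen, guess.encode("utf-8")))


if __name__ == "__main__":
    rid = store("000-12-3456")  # constructed sample, not a real SSN
    print(load(rid))
```

The split only helps if the two stores do not share credentials, hosts or backups; any machine that can read both can rebuild every record.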