Ssl

First thing, are you running your own server, or is it hosted somewhere.

If it is hosted somewhere, check ther help on how to do this or contact them.

Remember some key items, which I have seen people miss in the past.

- Only collect the payments on a secure page (which you were asking how to set up).
- The page that is called from the page collecting the information MUST BE SECURE as well.
- Also DO NOT use a third party form processing site for this information (unless it is a payment processing site set up specifically for this)
- Do NOT store credit cards in "plain text" format on the server, either in plain files or on the database. ENCRYPT IT
- Do not send the credit card information via e-mail
- Get a Secure Certificate for your site
- Make sure you use as much account verification as possible, this can not only lower your rates to the card processing company, but helps avoind needing the next item.
- LOG the IP address of the person filling out the form, and anything else that can help prove signup for payment. Hold on to them for a LONG TIME.

Just to give you an example, for a site I built, someone signed up LAST year, and has had recurring billing charging their credit card every 3 months. Today, we get an e-mail from the guy "please refund the charge on 6/30/06. I do not have an account with you". Trust me, a billing path really helps here. The IP address they signed up with matched the same provider & geographic location as the IP addrss the e-mail came from. We have log files to show they only used the system for a few days once they first signed up. We have log files showingbilling once every three months. Obviously a case of "so busy forgot they signed up" (It happens a LOT -- We have one of our first customers, signed up over a year ago, been paying us about $50 a month, and never used the service past the first day. My thoughts, write to them. Boss's thoughts, don't remind them as they will then most likely cancel.)

Also when you accept credit card info, make SURE you ask separately for the billing address of the credit card. If you have AVS (address verification service) activated, just having the wrong address will cause the transaction to come back declined. We have had several customers call and complain, that it is declined. Had one guy swear up and down the billing address was the same as the company address. finally he calls his assistant who was off that day at home. She tells him, no it is on his home address. LOL.

I won't go into it here, but depending on the card processor and or customers bank, every time they get a declined charge for AVS, the money may still be made unavailable for several days, and if this prevents them from paying a bill a few days later, guess who they will blame when the bank talls them "well you have 3 holds for $xx from 'online company.com' "?? Right back at you thinking they were billed mutiple times, even though after a few days the hold realeases and the funds are available again. (trust me, during testing this happened to me on my own personal card, luckily the bank reversed a lot on "overdraft fees" from it.

-Greg