How do I set up a secure submission form?

  • I’ve had a lot of luck making custom forms using contact plug-ins that have a lot of unusual and useful fields but now I have a kind of unusual need: A form where someone would enter a credit card number. It doesn’t need to process the credit card or anything like that, just store it or convey it to the administrator of the site. I don’t feel that using a standard email contact plug-in is secure enough for this use. So what are my options? I see the following factors as possibly being elements of this:

    1) Housing the site or part of the site on a secure server
    2) Somehow using a secure email system for submitting the info
    3) Storing the submissions in WP for the administrator to view without emailing it.

    Anyone have any thoughts on this?

Viewing 2 replies - 1 through 2 (of 2 total)

  • If you are storing CC details, then what you do must be PCI-DSS compliant, and your code must be PA-DSS approved. Anything else, you’e making yourself (or the shop owner) liable for fines. For details, see https://www.pcisecuritystandards.org/

    I’d really advise against a DYI job therefore, better to get an approved payment gateway involved. That way, you shift part of the responsibility off to the 3rd party provider.

    I’m not sure in which country you are, so solutions will vary depending on your location.

    Thread Starter buskerdog

    (@buskerdog)

    Thanks. We’re in the USA. Do you think that all applies if there’s no payment being handled by the site? Just storing the numbers?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How do I set up a secure submission form?’ is closed to new replies.