tags:

views:

62

answers:

6

Should I use SSL to secure my custom made CMS? I will be trying to accept Credit card info through a form, after my clients' login. It sounds good to me, but what does everyone else think?

+1  A: 

Um.. If you're collecting any personal data you should be using SSL.

My opinion at least.

Of course if the backend isn't secured at all, it doesn't help much.

John Weldon
+2  A: 

Personally I wouldn't submit my credit card details through an unsecured page.

A large (and increasing) proportion of web users expect to see SSL ("the padlock") when submitting sensitive details over the web.

Not to mention the fact that you're almost certainly breaking the credit card companies' PCI rules by not using SSL.

RichieHindle
+2  A: 

I think there may well be legal issues if you don't use SSL while handling credit card data. See the PCI data security standard for details.

ire_and_curses
+1  A: 

Have you thought of using a 3rd party merchant?

They are often as secure as possible and trusted by users.

kerchingo
+4  A: 

I'd strongly suggest reading up on PCI and PA-DSS if you're intending to collect credit card data. At the very least, you need to ensure:

  1. All transactions are conducted encrypted, so yes SSL is a necessity.
  2. You either encrypt or not store the card numbers.

But definitely, read up on the above because you leave yourself very wide open legally if your system gets compromised.

PCI Security Standards Council has a lot of documentation available.

John Cavan
+1  A: 

Like @RichieHindle mentioned, it is required to use SSL while collecting credit card info. At least Visa and MasterCard requires it.

Also, from the perspective of users, it will show that you take care of the security of their data.

Danny Maya