views:

18

answers:

1

I'm planning to use eWay (http://eway.com.au) as payment gateway for my store, however they do not allow much customisation on their hosted page. I want to avoid touching credit card numbers at any point and so their hosted page would do for me. So I was thinking of creating my own form on my website that would be submitting data to eWay backend, exactly same as their form on their hosted page does. Once submitted data processed it would redirect to my site. To give users piece of mind form on my site would probably be on SSL although that wouldn't make any more secure as far as I know. Please let me know if that would that be possible or I am missing something important here.

UPDATE: just realised that my form can be hacked too, seems pretty obvious yet missed it somehow

A: 

Two things immediately came to mind: (1) you're no longer avoiding "touching credit card numers" if those are submitted on your own form, and (2) unless their form is guaranteed/supported like an API, as soon as they decide to change to a new form your own submittals that depend on their old form will probably break, and you'll be down while you play catch-up.

joe snyder