Author: Michael (---.ny325.east.verizon.net)
Date: 10-12-06 21:39
To all people taking or giving credit card info to reserve a room:
Please, under no circumstance fill in web forms with your credit card info. The https on top does not mean, that the credit card info will not be mailed from the secure server to the merchant who then manually processes your credit card.
Sending cc info in an email is like posting it on the Internet!
Merchants, if you are still getting emails with customers' credit card info, even if your server is secure, you may lose your merchant account!
I found the following on a vacation rental discussion group:
"1) You put your merchant account at risk by doing this. It is
against their policies for credit card information to be sent by
unsecured means, and if they should become aware of this they will
likely cancel the account.
2) Your merchant account must be set up for online transactions. A
standard merchant account cannot be used for online transactions, and
extra fees are usually charged to do so. If your merchant account is
not set up to handle online transactions and they become aware of
this, they will likely cancel your account.
Handling credit cards online is very serious business, and should not
be done without taking extreme care and using very secure means of
doing so. Usually this means using a Payment Processor or Payment
Gateway to do so, or a system in which a 3rd party cart can securely
collect the credit card information for you to retrieve.
As I've mentioned before, even having the information go directly into
a database you have set up with your website will not be secure
enough, especially if on a shared server (which everyone normally is).
This means if you do use a system in which you collect only part of
the credit card information, and view the rest on your site through a
secure page, that information may still not be adequately protected.
Be sure any system set up in this manner will meet your Merchant
For the tourist this means, be extra careful, look for the verisign logo on the payment processor, use one that you know, like paypal and maybe ask a couple of questions over the phone before you book!