Faizal

Reputation: 1833

E-commerce merchant-hosted transactions

I am developing an e-commerce website, and I want the payment process to be done from my site, meaning the user will enter credit card details on a payment page of my site.

In short, users should not be redirected to the payment gateway for payment processing.

I am using MasterCard MIGS.

Any help will be highly appreciated. Thank you.

Upvotes: 2

Views: 194

Answers (1)

Joe Ratzer

Reputation: 18549

For a start you'll need to use SSL when taking the customer's card details.

You'll also need to be PCI compliant, e.g.:

Build and Maintain a Secure Network

  • Install and maintain a firewall configuration to protect cardholder data

  • Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  • Protect stored cardholder data

  • Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Use and regularly update anti-virus software

  • Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  • Restrict access to cardholder data by business need-to-know

  • Assign a unique ID to each person with computer access

  • Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  • Track and monitor all access to network resources and cardholder data

  • Regularly test security systems and processes

Maintain an Information Security Policy

  • Maintain a policy that addresses information security

Ultimately, you will want to avoid storing any card details without a serious compliance headache.

Using MasterCard MIGS should mean you don't need to store any card details - just send them under SSL.

Upvotes: 2
