People are very insecure about ordering online. Even though many people order and give their credit card information over the phone they still are hesitant upon ordering online.

This FAQ explains what you need to look for as a web surfer, and what you need to have installed as a merchant for safer credit card transactions.

What a safe web surfer should look for...

A HTTPS secure site is one with the padlock on the bottom of the browser. The padlock tells you that the web page is secured via an SSL certificate. Along with that padlock, your web page should also display a https: in the location bar instead of http. The "s" stands for 'secured'.

Even if a site looks to be secure, there are still risks. The merchant may be a crook, the site could be hacked,  or you might be looking at a phishing site.

So when you are surfing, don't give any website your credit card details or sensitive information unless it is HTTPS secure (and there are no certificate warnings). Better stil, use Palpay or a credited bank links on the site, make sure that their HTTPS address is in the location/address bar, and check out their certificate.

What is HTTPS?

HTTPS is the use of Secure Socket Layer (SSL) as a sub-layer under its regular HTTP application layering. It stands for HyperText Transfer Protocol with Secure Sockets Layer.

In a nutshell, the socket encrypts the data between the web browser and the server - so the details can not be harvested.

Unsafe Sites and other Bad Practises (like using Forms)

Some unsafe websites use forms to collect credit card details on unsecured (HTTP) sites. Unsecured sites send the data through the Internet in plain text. This means that if you have a form asking for a credit card number, that credit card number can be intercepted by anyone with a packet sniffer. Since there are many free sniffer software tool, this could be anyone at all.

By collecting credit card information over an unsecure connection, you are broadcasting that credit card information to the world. And the only way your customer will learn it was stolen is when it's maxed out by a thief.

If there is an incident and your bank finds out that you have being doing this, you could loose your credit card facilities for good.

How to collect Credit card details as a Merchant

The best way to collect the details is not to collect the details yourself! Use a payment gateway like PayPal, or your online merchant account. These methods use secure sites that specialise in https and other technologies. As the merchant - all you see is the transaction taking place. If you don't know the credit card details, then you are not liable for loosing credit card details!

If you don't wish to use a payment gateway and want to take credit card details, then you will need to purchase and register an SSL Certificate. Certificates range in price, usually starting in price of $100/year. You'll also need a unique IP that costs $80/year. In addition, credit card companies usualy require you to undergo a PCI (Paymeny Card Industry) compliance. This usually  involves a rigorous auditing process that reviews your network security systems and methods of collection and storage of credit card information.