- This topic has 3 replies, 2 voices, and was last updated 11 years, 3 months ago by .
- The forum ‘General Discussion’ is closed to new topics and replies.
These forums are for general discussion on WordPress and Genesis. Official support for StudioPress themes is offered exclusively at My StudioPress. Responses in this forum are not guaranteed. Please note that this forum will require a new username, separate from the one used for My.StudioPress.
I have a client that needs to do the following:
1. Collect basic info from people
2. Collect their Social Security Number
3. Accept Credit Cards.
Obviously I need SSL, but what program would you recommend to do this? I have gravity forms, but I was told it is not very secure because it stores the data in wordpress. I have cart66, but I don't think I can add a field for SSN or the other fields needed.
Um, I don't know of any system that does that. I would never fill that in with a WordPress based form. If you want to collect that kind of info you need a ton of security, split your information into two secured and encrypted databases so if one does get lifted the info is useless.
Seriously not something you want to get into without a lot more experience in securing data. You will get hacked and you will get sued. Look at the Playstation Network and other big systems out there that have been hacked, and they weren't even collecting SSN+CC. Do that and every identify theme will be all over you.
I could use a third party that secures the data like wufoo forms?
It is more than just securing the data. When you collect details like that you need everything secured. SSL to ensure the data between the form and your server or the third party server is secured. The server itself needs to be secured. Do you want to trust the third party public system to secure your data? Any system that could ever access the data needs to have extremely high security. A single virus or trojan can cost you big.
I mean really big. When you collect this data you are responsible for it. If it gets out (and it will unless you are crazy good, this stuff gets taken from secure servers on a scarily regular basis and it is most often collected because some computer with access got hacked not the secure server) then you are liable for damages. Lawsuits on this kind of stuff have cost millions lately.
Personally I refuse to do any project that looks to collect this kind of data. When I do Credit Card Processing I try to convert that to a purchase ID with the gateway without recording the credit card number ever. I don't want anything to do with keeping data like this. There are third party agencies that can process the data and send me the info I need so I don't ever have to touch the personal information.
© 2024 WPEngine, Inc.