I’m setting up a site to accept credit cards for the first time.
I’m using Drupal to manage products and store content, but that isn’t important. I’d like to help build a community-generated list of platform-agnostic credit-card acceptance requirements.
I’m looking for a checklist of the things I need to have in place in order to accept credit cards safely and responsibly.
I’ve done a fair amount of research.
The question below is good, but it is focused on getting a merchant account and storing credit cards on site. I think most web developers and small to mid-sized organizations shouldn’t need to do this:
Payment Processors – What do I need to know if I want to accept credit cards on my website?
Here’s what I think I need:
- Fixed IP address and SSL certificate (purchased through web host, pretty easy to do)
- Enable HTTPS on all cart and checkout pages (Drupal feature)
- Set up a relationship with a payment processor (Stripe, Authorize.net, Paypal Pro)
- Develop site to match payment processor API (for me, this means a Drupal module)
- Do test transactions
- Flip to live
- Do more test transactions
Is this really all there is to accepting credit cards? Am I missing anything?
At a minimum I would add some sort of real-time monitoring of key activities in your service. Failed password attempts, bogus URLs and URL parameters, transaction quantity/dollar amount, etc. These kinds of metrics can help you catch malicious behavior before it becomes a problem.
You also need to consider things like account security, how you store passwords (salted and hashed using BCrypt or something similar) and other personally identifiable information.
I would seriously reconsider storing credit card information at all. Even if you’re willing to comply with PCI-DSS (http://en.wikipedia.org/wiki/PCI_DSS) requirements it’s just much easier to use the checkout services provided by the processors.
The technical requirements are not terribly difficult. Staying out of the limelight due to a breach is much more difficult. I ran a company that processed thousands of transactions per day…it is possible but it requires a fair amount of continued attention to stay on top of the risk factors.
If you choose to proceed, I would invest in a couple of quality ethical hacks before you go live to make sure you didn’t miss anything.
Good luck.
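The answer above names two controls without showing them: storing passwords salted and hashed, and real-time monitoring of failed password attempts. The following is an added example, not code from the question, the answer or Drupal; it is written in Python because the poster asked for something platform-agnostic. It uses the standard library's PBKDF2-HMAC in place of bcrypt (the answer says "BCrypt or something similar"), and all names, the iteration count, the thresholds, the log format and the log lines are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict, deque

# --- Password storage: salted, slow hash (assumed parameters, not from the post) ---
PBKDF2_ITERATIONS = 600_000   # assumed work factor; tune to your hardware
SALT_BYTES = 16


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest (all hex)."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt/iterations and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:
        return False  # malformed record: never accept


# --- Monitoring: failed logins per source within a sliding window (assumed thresholds) ---
FAILED_LOGIN_THRESHOLD = 5
WINDOW_SECONDS = 300


class FailedLoginMonitor:
    """Keeps recent failure timestamps per key and reports when a key crosses the threshold."""

    def __init__(self, threshold: int = FAILED_LOGIN_THRESHOLD, window: int = WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.events = defaultdict(deque)  # key -> timestamps of recent failures

    def record_failure(self, key, ts: int) -> bool:
        q = self.events[key]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop failures outside the window
            q.popleft()
        return len(q) >= self.threshold


# Assumed log format: "<unix_ts> <EVENT> user=<name> ip=<addr>"
LOG_LINE = re.compile(r"^(?P<ts>\d+) (?P<event>\w+) user=(?P<user>\S+) ip=(?P<ip>\S+)$")


def scan_auth_log(lines, threshold: int = FAILED_LOGIN_THRESHOLD, window: int = WINDOW_SECONDS):
    """Return (kind, value, ts) alerts for source IPs exceeding the failure threshold."""
    monitor = FailedLoginMonitor(threshold, window)
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["event"] != "LOGIN_FAIL":
            continue  # malformed lines and non-failure events are ignored
        ts = int(m["ts"])
        if monitor.record_failure(("ip", m["ip"]), ts):
            alerts.append(("ip", m["ip"], ts))
    return alerts


# Constructed sample log: one IP cycling through many accounts, plus normal traffic.
CONSTRUCTED_AUTH_LOG = [
    "1700000000 LOGIN_FAIL user=alice ip=203.0.113.5",
    "1700000010 LOGIN_FAIL user=bob ip=203.0.113.5",
    "1700000015 LOGIN_OK user=alice ip=198.51.100.7",
    "1700000020 LOGIN_FAIL user=carol ip=203.0.113.5",
    "1700000030 LOGIN_FAIL user=dave ip=203.0.113.5",
    "1700000035 LOGIN_FAIL user=erin ip=198.51.100.7",
    "1700000040 LOGIN_FAIL user=frank ip=203.0.113.5",   # fifth failure: alert
    "1700000050 LOGIN_FAIL user=grace ip=203.0.113.5",
    "this line is not in the expected format",
    "1700000500 LOGIN_FAIL user=heidi ip=203.0.113.5",   # window expired: no alert
]

if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored:", record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    for alert in scan_auth_log(CONSTRUCTED_AUTH_LOG):
        print("ALERT", alert)
```

The hash record carries its own algorithm and iteration count so the work factor can be raised later without invalidating existing users, and `hmac.compare_digest` avoids a timing side channel in the comparison. The monitor keys on source IP here; keying on account name as well catches a different pattern (one account, many sources), and a production system would feed the alerts to whatever alerting channel the team already watches.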