HTTPS/SSL Certificate - Mandatory for CC?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
xjake88x
Forum Commoner
Posts: 50
Joined: Sun Aug 01, 2004 7:05 pm

HTTPS/SSL Certificate - Mandatory for CC?

Post by xjake88x »

Should I always use HTTPS when users are inputting credit card numbers & billing info? Do you know any sites that don't use HTTPS? I just want to know if it's a total no-no for web applications.

Discuss.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: HTTPS/SSL Certificate - Mandatory for CC?

Post by Christopher »

It is a total no-no to not use encryption when transmitting credit card information. I don't know of and website that does not use HTTPS to submit credit card info.
(#10850)
User avatar
xjake88x
Forum Commoner
Posts: 50
Joined: Sun Aug 01, 2004 7:05 pm

Re: HTTPS/SSL Certificate - Mandatory for CC?

Post by xjake88x »

Thanks for the help! I'll add ssl certificate onto my clients expenses :P
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: HTTPS/SSL Certificate - Mandatory for CC?

Post by kaisellgren »

That's right. It's a big no-no, and it would be better if you just used HTTPS all over the site. There are unfortunately sites that do not utilize SSL/TLS and eavesdropping those credit card details is too easy..
Post Reply