|
I have a form for a resort where guests can make an online reservation and enter their credit card info. Then someone at the resort logs into the secure server with secured webmail to view the reservation, print it and then delete it.
This is on a shared hosting environment so any emails waiting to be read are subject to possible abuse.
Now we are supposed to be pci compliant and don't think the form on the shared server will comply even if the form results were encrypted and its just not a safe setup anyways.
Now I could go through someone who specializes in processing hotel reservations but that can get expensive and its a small hotel with about 80 rooms. It doesn't really matter if the card is charged right away, I can keep it so that it is only charged manually by the hotel staff once they verify that the room is available for that date.
Since I want to keep my custom php reservation form I created maybe I could just host the form somewhere that they specialize in securing the data?
So I was wondering if I should go with one of the merchant account credit card processors so that everything happens on someone elses safe server or maybe it would be cheaper if I could just host my form on a safe server where the hotel staff would still be able to retreive the card info and process it manually?
Or is it possible to send the data from the form fields to paypal?
any suggestions much appreciated!
thanks
-George
|
