- Posted on
- Luvin lunch
September 14, 2008, 5:20 pm
I've been asked to look after the website for a very new professional
association for my profession. At the moment we have a whopping 50
members! We do, however, hope to increase the membership. So we plan
on having online registration of members and in order to register
you'll have to pay. My first instinct is to go with PayPal because I
know it but other people are talking about PCI DSS compliance. I
googled this compliance and it appears to just be secure procedures
and processes to which a site must comply to avoid data being stolen.
Would PayPal or one of its competitors not do this? Is PayPal the
best route do you think?
We also want our content to be managed, i.e. uploaded, by non-technical
administrators and to be able to send group emails and bulletin
newsletters. I've been looking at how to do that. yourmembership.com
looks alright but it's too pricey for us. Would someone have an idea
on the best way to set up our site so we can manage communication from
The last time I did any development was back on ASP 1.0 and it was for
a web based application, not an actual website. It's not my intention
to do the development, I'm just facilitating it. I would really
appreciate some guidance on how to set the payments and the website
Re: Designing a site for a professional association
You shouldn't need to worry about PCI DSS. If you did _need_ to worry
about this, then it doesn't sound like you're currently in a position
to actually achieve it in an appropriate way.
If you use PayPal (or WorldPay, or ProTX, or many other payment
gateways) then you _avoid_ the need to worry about PCI on your own
site because they handle it all for you.
It's worth reading the PCI docs just to be aware of them, but really
they don't have much detail in them at all (in terms of technical
implementation). Their guidance on what you MUST NOT store is worth
noting though (CVV2 etc.). In general though, a good browse through
Ross Anderson's books, Bruce Schneier's blog and the general industry
babble about security best practices should give you a reasonable
grounding. If you aren't sure you can do something entirely
competently as yet (e.g. holding personal data), then best to avoid
doing it until you can guarantee this.
- Raymond SCHMIT
September 15, 2008, 10:42 pm