Designing a site for a professional association


I've been asked to look after the website for a very new professional
association for my profession. At the moment we have a whopping 50
members! We do, however, hope to increase the membership. So we plan
on having online registration of members and in order to register
you'll have to pay. My first instinct is to go with PayPal because I
know it but other people are talking about PCI DSS compliance. I
googled this compliance and it appears to just be secure procedures
and processes to which a site must comply to avoid data being stolen.
Would PayPal or one of its competitors not do this? Is PayPal the
best route do you think?

We also want our content to be managed, i.e. uploaded by non-technical
administrators and to be able to send group emails and bulletin
newsletters.  I've been looking at how to do that.
looks alright but it's too pricey for us.  Would someone have an idea
on the best way to set up our site so we can manage communication from
it easily?

The last time I did any development was back on ASP 1.0 and it was for
a web-based application, not an actual website. It's not my intention
to do the development, I'm just facilitating it.  I would really
appreciate some guidance on how to set the payments and the website
itself up.



Re: Designing a site for a professional association


You shouldn't need to worry about PCI DSS. If you did _need_ to worry
about this, then it doesn't sound like you're currently in a position
to actually achieve it in an appropriate way.

If you use PayPal (or WorldPay, or ProTX, or many other payment
gateways) then you _avoid_ the need to worry about PCI on your own
site because they handle it all for you.

It's worth reading the PCI docs just to be aware of them, but really
they don't have much detail in them at all (in terms of technical
implementation). Their guidance on what you MUST NOT store is worth
noting though (CVV2 etc.). In general though, a good browse through
Ross Anderson's books, Bruce Schneier's blog and the general industry
babble about security best practices should give you a reasonable
grounding. If you aren't sure you can do something entirely
competently as yet (e.g. holding personal data), then best to avoid
doing it until you can guarantee this.

Re: Designing a site for a professional association

On Sun, 14 Sep 2008 10:20:52 -0700 (PDT), Luvin lunch


PayPal ask and take extra money for him on the first payment... I
think that is an abnormal practice...

Re: Designing a site for a professional association

Luvin lunch wrote:

Google: "pci dss" paypal

First result:
