Quote:
Originally Posted by Bobblehead
As soon as you are talking about having financial info in a database that can be accessed via some sort of a web portal, be sure you get someone who knows what they are doing. There are lots of vulnerabilities, and while I don't think you can ever be 100% secure, you do want to make it as safe as possible, and that can require a strategy right from the schema out.
And be sure you get the specs all documented before you start. It is a huge PITA to try and retrofit security. It is way easier up front.
Just a word of warning: there's a lot more to it than just getting someone "who knows" when it comes to accepting and processing online payments. You'll need to be PCI certified, and that involves an end-to-end security assessment, regular audits, etc.
Online payment, handled on your own, can be a big proposition when it comes to delivering the IT infrastructure and processes required to achieve PCI compliance.