«

Hi,

I've been asked to look after the website for a very new professional
association for my profession. At the moment we have a whopping 50
members! We do however, hope to increase the membership. So we plan
on having online registration of members and in order to register
you'll have to pay. My first instinct is to go with Pay Pal because I
know it but other people are talking about PCI DSS compliance. I
googled this compliance and it appears to just be secure procedures
and processes to which a site must comply to avoid data being stolen.
Would Pay Pal or one of its competitors not do this? Is Pay Pal the
best route do you think?

We also want our content to be managed ie uploaded by non-technical
administrators and to be able to send group emails and bulletin
newsletters. I've been looking at how to do that. yourmembership.com
looks alright but it's too pricey for us. Would someone have an idea
on the best way to set up our site so we can manage communication from
it easily?

The last time I did any development was back on asp 1.0 and it was for
a web based application, not an actual website. It's not my intention
to do the development, I'm just facilitating it. I would really
appreciate some guidance on how to set the payments and the website
itself up.

Thanks

LL

Luvin lunch wrote:
> Hi,
>
> I've been asked to look after the website for a very new professional
> association for my profession. At the moment we have a whopping 50
> members! We do however, hope to increase the membership. So we plan
> on having online registration of members and in order to register
> you'll have to pay. My first instinct is to go with Pay Pal because I
> know it but other people are talking about PCI DSS compliance. I
> googled this compliance and it appears to just be secure procedures
> and processes to which a site must comply to avoid data being stolen.
> Would Pay Pal or one of its competitors not do this? Is Pay Pal the
> best route do you think?
>

Going though through process myself having had a commercial site for 10
years. My site and practices are compliant but the shared web hosting
server is not. I have not found a single shared web hosting server that
will pass. I doubt their are any.

Other options are dedicated server ($$$$) or VPS virtual private server
(a little more pricey than shared and my option) or lastly and probably
best solution for most, a payment gateway like PayPal. If you use a
payment gateway like PayPal the financials are handled on their server
not yours so the PCI Compliance problem for the server is theirs not
your's. (you still have to follow all the other aspects of the protocol
on your end with respect to paper, and data...)

HTH

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

On 14 Sep, 18:20, Luvin lunch <martina_mul...@o2.ie> wrote:

> My first instinct is to go with Pay Pal because I
> know it but other people are talking about PCI DSS compliance. *

You shouldn't need to worry about PCI DSS. If you did _need_ to worry
about this, then it doesn't sound like you're currently in a position
to actually achieve it in an appropriate way.

If you use PayPal (or WorldPay, or ProTX, or many other payment
gateways) then you _avoid_ the need to worry about PCI on your own
site because they handle it all for you.

It's worth reading the PCI docs just to be aware of them, but really
they don't have much detail in them at all (in terms of technical
implementation). Their guidance on what you MUST NOT store is worth
noting though (CVV2 etc.). In general though, a good browse through
Ross Anderson's books, Bruce Schneier's blog and the general industry
bablel about security best practices should give you a reasonable
grounding. If you aren't sure you can do something entirely
competently as yet (e.g. holding personal data), then best to avoid
doing it until you can guarantee this.

On Sun, 14 Sep 2008 10:20:52 -0700 (PDT), Luvin lunch
<> wrote:

>Hi,
>
>I've been asked to look after the website for a very new professional
>association for my profession. At the moment we have a whopping 50
>members! We do however, hope to increase the membership. So we plan
>on having online registration of members and in order to register
>you'll have to pay. My first instinct is to go with Pay Pal because I
>know it but other people are talking about PCI DSS compliance. I
>googled this compliance and it appears to just be secure procedures
>and processes to which a site must comply to avoid data being stolen.
>Would Pay Pal or one of its competitors not do this? Is Pay Pal the
>best route do you think?
>
>We also want our content to be managed ie uploaded by non-technical
>administrators and to be able to send group emails and bulletin
>newsletters. I've been looking at how to do that. yourmembership.com
>looks alright but it's too pricey for us. Would someone have an idea
>on the best way to set up our site so we can manage communication from
>it easily?
>
>The last time I did any development was back on asp 1.0 and it was for
>a web based application, not an actual website. It's not my intention
>to do the development, I'm just facilitating it. I would really
>appreciate some guidance on how to set the payments and the website
>itself up.
>
>Thanks
>
>LL


Paypal ask and take extra money for him on the first payment .....i
think that is an abnormal practice...

Luvin lunch wrote:
> Hi,
>
> I've been asked to look after the website for a very new professional
> association for my profession. At the moment we have a whopping 50
> members! We do however, hope to increase the membership. So we plan
> on having online registration of members and in order to register
> you'll have to pay. My first instinct is to go with Pay Pal because I
> know it but other people are talking about PCI DSS compliance. I
> googled this compliance and it appears to just be secure procedures
> and processes to which a site must comply to avoid data being stolen.
> Would Pay Pal or one of its competitors not do this? Is Pay Pal the
> best route do you think?

Google: "pci dss" paypal

First result:

https://www.paypal.com/pcicompliance