I am working on a website for a client who doesn't want to take payments online. Instead he just wants to get an email with the order and credit card details, so that he can process it later offline.

My question is that I undetstand that I will have to create a web page to get the credit card details, and then store this web page in the secure part of the hosting server. I plan to use SSL for this. However, I want to automatically email the order with the CC details to the owner of the website (my client). I know how to send an email using ASP.NET, but my concern is how is this normally done with regards to sensitive data such as CC details.

Can I just generate a normal email, with all the CC details. Is this acceptable?

OR is there a generally accepted method to make an email 'secure' as well?

I just want to know what is the generally accepted way to do this.

Thanks for any help.

E-mailing credit card results is generally not an acceptable practice. Your clearinghouse could revoke your clearing rights for doing this.

The best way would be to perform clearing on-line, and store only the authorization code. If you can't do that, then storing the credit card details in the database is generally acceptable, especially if you encrypt them.

There are several ways to send secure e-mails. Some of the controls listed in the control gallery should have this capability.

Okay, thanks for that, but one thing...If I store the CC details in the database, then I would still need to retrieve them from the database...so what's the deal with that? What would be the procedure to retrieve the CC details from the database, or is there something I am missing here? Thanks for your help.

What I mean is that if I store the CC details in a database, and email the rest of the order details directly to notify the owner that he has an order, how should the owner proceed to get the CC details from the database. Should I create a secure webpage which only he can access to read all the CC details from this database. One way or other he has to get at the CC details, so what would be the best way to do this. I hope I am making sense here. I asked him about taking payments directly online, but he doesn't want to do this. Thanks for all the help.

The procedure to retrieve the CC details from the database would be the same as getting any other information out of the database.

You would want to make a page and secure it in some way. Perhaps even in a subweb that's secure with your site's admin password. Whatever--just make sure the general public can't get there. Access the page through HTTPS, and enter your order number to retrieve the CC details.

If you're really clever, you can add a link to the e-mail notification you give yourself that an order has been placed to take you directly to the CC details.

Excellent. Thanks for your reply. That was exactly what I was looking for. I will persue this method of working as it seems to be the next best thing to taking payments online, which my client doesn't want to do.

Cheers
mhype