

How to make a form secure

GiorgosK
Thu 18 October 2007, 10:24 am GMT +0200
I need to create a page where a visitor can enter their credit card details, to be sent to my client's email for a withdrawal.
What steps do I need to follow in order to make sure the transaction is secure?

Will just redirecting to the https:// address do? I am new to this!

Any pointers would be appreciated
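
What "redirecting to https" does and does not cover, as an added example that is not part of the original post. It is a small WSGI middleware: a GET over plain HTTP is redirected to the HTTPS address, a POST over plain HTTP is refused outright (its body has already crossed the network in clear, and a redirect would only make the browser resend it), and every HTTPS response gets a Strict-Transport-Security header so returning browsers never start on http:// again. The hostname `shop.example` and the `card_form_app` are placeholders, not anything from the thread; it assumes the web server sets `wsgi.url_scheme` correctly for the connection it actually received.

```python
"""Force a card-entry form onto HTTPS (added example, not from the thread)."""
from urllib.parse import quote

HOST = "shop.example"  # illustrative hostname, assumption for the example
HSTS = "max-age=31536000; includeSubDomains"


def https_only(app):
    """WSGI middleware: redirect GET/HEAD to https, refuse other methods over http."""

    def middleware(environ, start_response):
        # Relies on the server (or a trusted front proxy) filling wsgi.url_scheme.
        scheme = environ.get("wsgi.url_scheme", "http").lower()
        if scheme == "https":
            def sr(status, headers, exc_info=None):
                headers = list(headers) + [("Strict-Transport-Security", HSTS)]
                return start_response(status, headers, exc_info)
            return app(environ, sr)

        method = environ.get("REQUEST_METHOD", "GET").upper()
        if method in ("GET", "HEAD"):
            target = "https://" + HOST + quote(environ.get("PATH_INFO", "/"))
            if environ.get("QUERY_STRING"):
                target += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]

        # A POST that arrived over plain HTTP already leaked its body in transit;
        # redirecting it would just resend the same data. Refuse it instead.
        body = b"Form submissions are accepted over HTTPS only."
        start_response("403 Forbidden",
                       [("Content-Type", "text/plain"),
                        ("Content-Length", str(len(body)))])
        return [body]

    return middleware


def card_form_app(environ, start_response):
    """Placeholder application serving the card form (constructed for the example)."""
    body = b"<form method=post><input name=card></form>"
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Content-Length", str(len(body)))])
    return [body]


def call(app, scheme, method, path="/pay", query=""):
    """Drive a WSGI app offline with a constructed environ.

    Returns (status line, headers as a dict, body bytes)."""
    environ = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": method,
               "PATH_INFO": path, "QUERY_STRING": query}
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


SECURE_APP = https_only(card_form_app)

if __name__ == "__main__":
    for scheme, method in (("http", "GET"), ("http", "POST"), ("https", "POST")):
        status, headers, _ = call(SECURE_APP, scheme, method, "/pay", "id=7")
        print(f"{scheme:5} {method:4} -> {status}",
              headers.get("Location", headers.get("Strict-Transport-Security", "")))
```

The redirect alone protects nothing if the form page itself was loaded over http://, because an attacker on the path could have rewritten the form's action before the user typed anything; the HSTS header and the refusal of plain-HTTP POSTs are what close that gap.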

Nikolas
Thu 18 October 2007, 11:01 am GMT +0200
Why don't you use an online service for that? PayPal is great, and Winbank is the best in Greece ;)

Otherwise, whatever you do is not really secure. You would need https, plus cyphered emails....

olaf
Thu 18 October 2007, 11:01 am GMT +0200
This form has to be on a secure site ;)

You also need some fraud protection (check the IP address country against the country of the CC).

Don't allow entering the CC number without some previously entered information (login?), to be sure that the information comes from a human and not a bot. If you hide the form from the public it is safer and easier to protect.
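
The country check suggested above, as an added example that is not part of the original post. It runs three server-side screens on a submission: a Luhn check so obviously malformed numbers are rejected before anything else happens, a lookup of the card's first six digits (the BIN) to an issuing country, and a lookup of the client IP to a country, flagging a mismatch between the two. The BIN table and the IP ranges are constructed placeholders (411111 and 555555 are the well-known Visa and Mastercard test prefixes, the country assignments are invented, and the IP ranges are the TEST-NET documentation blocks); a real deployment would use a licensed BIN database and a maintained geolocation feed.

```python
"""Server-side screening for a card form (added example, not from the thread)."""
import ipaddress

# Constructed placeholder: BIN (first six digits) -> issuing country.
BIN_COUNTRY = {"411111": "GR", "555555": "NL"}

# Constructed placeholder: TEST-NET ranges standing in for geolocation data.
IP_COUNTRY = [
    (ipaddress.ip_network("192.0.2.0/24"), "GR"),
    (ipaddress.ip_network("198.51.100.0/24"), "NL"),
]


def luhn_ok(pan: str) -> bool:
    """True if the number is 12-19 digits and passes the Luhn checksum."""
    pan = pan.replace(" ", "")
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def country_of_bin(pan: str):
    return BIN_COUNTRY.get(pan.replace(" ", "")[:6])


def country_of_ip(ip: str):
    addr = ipaddress.ip_address(ip)
    for net, cc in IP_COUNTRY:
        if addr in net:
            return cc
    return None


def screen(pan: str, client_ip: str) -> list:
    """Return a list of flags for a submission; an empty list means no objection.

    Only the flags leave this function: the card number itself is never logged."""
    flags = []
    if not luhn_ok(pan):
        flags.append("luhn_failed")
        return flags              # no point geolocating a number that cannot exist
    bin_cc = country_of_bin(pan)
    ip_cc = country_of_ip(client_ip)
    if bin_cc is None:
        flags.append("unknown_bin")
    if ip_cc is None:
        flags.append("unknown_ip_country")
    if bin_cc and ip_cc and bin_cc != ip_cc:
        flags.append(f"country_mismatch:{bin_cc}!={ip_cc}")
    return flags


if __name__ == "__main__":
    # Constructed submissions: (card number, client IP)
    for pan, ip in (("4111 1111 1111 1111", "192.0.2.10"),
                    ("4111111111111111", "198.51.100.5"),
                    ("4111111111111112", "192.0.2.1"),
                    ("5555555555554444", "203.0.113.9")):
        print(ip, "->", screen(pan, ip) or "ok")
```

A mismatch is a signal for manual review or a step-up check, not proof of fraud: travellers, VPN users and corporate cards issued abroad all trip it, which is why the function returns flags rather than a yes/no.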

olaf
Thu 18 October 2007, 11:02 am GMT +0200
What are "cyphered emails"?

Nikolas
Thu 18 October 2007, 11:09 am GMT +0200
What are "cyphered emails"?

I mean encrypted mails :)

olaf
Thu 18 October 2007, 11:12 am GMT +0200
What are "cyphered emails"?

I mean encrypted mails :)

You mean encrypting the text too (like the binary files)?

I think storage in a safe database would be better; just send a mail with the information about the submission to the company...

Nikolas
Thu 18 October 2007, 11:15 am GMT +0200
Yeah, but how do you know that your database is safe? Especially when you are on a shared hosting account, I think it is a big risk.

olaf
Thu 18 October 2007, 11:18 am GMT +0200
Yeah, but how do you know that your database is safe? Especially when you are on a shared hosting account, I think it is a big risk.
Shared hosting is really bad in all circumstances; after creating some more complicated web applications you need to use a dedicated server.

I think shared hosting is OK for a simple website without visitors and for learning. I learned last time that searching for good shared hosting was a waste of time :(

GiorgosK
Thu 18 October 2007, 11:22 am GMT +0200
Thanks guys for the answers,

Nick
When you say PayPal, do you mean just redirecting them to PayPal, and they handle the security?
Winbank: is that with Pireos Bank? And how does it work? What is needed programmatically on my end?

Nikolas
Thu 18 October 2007, 11:28 am GMT +0200
Both of them take care of the transaction, but programmatically you connect with them so you know when a client bought something, what exactly was ordered and whether he/she paid for it.

What you actually do is that you send an id (order id) and when the transaction ends paypal (or winbank) posts back the information regarding the order.

Winbank is the internet division of Pireos.
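
The postback step described above, as an added example that is not part of the original post and not any provider's real protocol: the shop sends an order id to the provider, and later receives a notification about that order which it must check before marking anything as paid. The example assumes the provider signs each notification with an HMAC-SHA256 over its sorted fields using a shared secret; that signing scheme, the `SHARED_SECRET` value and the `ORDERS` store are assumptions for the example (PayPal IPN, for instance, is verified instead by echoing the message back to PayPal). What it shows is the checks that stay the same whatever the provider: authenticity of the message, an order the shop actually issued, a final status, the expected amount and currency, and no double-processing of a replayed notification.

```python
"""Verify a payment provider's postback for an order (added example, not from the thread)."""
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

SHARED_SECRET = b"example-shared-secret"   # placeholder agreed with the provider

# Constructed order store: order_id -> what the shop expects to be paid.
ORDERS = {"A1001": {"amount": Decimal("49.90"), "currency": "EUR", "paid": False}}
SEEN_TXN = set()   # provider transaction ids already processed (replay guard)


def canonical(fields: dict) -> bytes:
    """Deterministic serialisation of the signed fields (assumed scheme)."""
    return "&".join(f"{k}={fields[k]}" for k in sorted(fields) if k != "sig").encode()


def sign(fields: dict) -> str:
    return hmac.new(SHARED_SECRET, canonical(fields), hashlib.sha256).hexdigest()


def handle_postback(fields: dict) -> str:
    """Return a short verdict; ORDERS is updated only on 'accepted'."""
    # 1. Authenticity first: nothing below is trusted until the MAC checks out.
    if not hmac.compare_digest(fields.get("sig", ""), sign(fields)):
        return "rejected: bad signature"
    # 2. The order id must be one this shop issued.
    order = ORDERS.get(fields.get("order_id"))
    if order is None:
        return "rejected: unknown order"
    # 3. Only a final status counts as payment.
    if fields.get("status") != "completed":
        return "ignored: status " + str(fields.get("status"))
    # 4. Amount and currency must match what the shop asked for, not what the
    #    notification says was paid.
    try:
        paid = Decimal(fields.get("amount", ""))
    except InvalidOperation:
        return "rejected: malformed amount"
    if paid != order["amount"] or fields.get("currency") != order["currency"]:
        return "rejected: amount/currency mismatch"
    # 5. Providers resend notifications; process each transaction once.
    txn = fields.get("txn_id")
    if not txn or txn in SEEN_TXN:
        return "ignored: duplicate or missing transaction id"
    SEEN_TXN.add(txn)
    order["paid"] = True
    return "accepted"


if __name__ == "__main__":
    # Constructed notification, as the provider would post it back.
    note = {"order_id": "A1001", "txn_id": "T1", "status": "completed",
            "amount": "49.90", "currency": "EUR"}
    note["sig"] = sign(note)
    print(handle_postback(note))          # accepted
    print(handle_postback(note))          # replay of the same notification
    print(handle_postback(dict(note, amount="1.00")))   # tampered body
```

Checking the amount against the shop's own record is the step most often skipped: a notification that is authentic and refers to a real order can still report a smaller payment than the order was for.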

GiorgosK
Thu 18 October 2007, 11:36 am GMT +0200
Nick, I have worked with PayPal IPN before.
Winbank is sort of the same process, right?

Thanks

Nikolas
Thu 18 October 2007, 11:40 am GMT +0200
Never used Winbank before (only one project where I didn't write the code), but I think it is the same thing.

The only thing I know for sure is that they are the safest bank in Greece.

olaf
Thu 18 October 2007, 11:45 am GMT +0200
Whatever payment provider you use, you should use their platform to handle the payment process.

This is more trustworthy for the visitor and safer; at the moment I'm developing a payment option for a site in the Netherlands (using iDEAL and CC).

I use the "internet-kassa" from the bank once the product and customer data have been collected. Fixing all holes in an application without the payment process is work enough :)

sharqi
Fri 1 February 2008, 07:51 pm GMT +0100
Whatever payment provider you use, you should use their platform to handle the payment process.

This is more trustworthy for the visitor and safer; at the moment I'm developing a payment option for a site in the Netherlands (using iDEAL and CC).

I use the "internet-kassa" from the bank once the product and customer data have been collected. Fixing all holes in an application without the payment process is work enough :)

I could not agree more. It is always best to use an established platform to process very sensitive information.

Banks and other financial institutions pay huge sums of money to develop secure payment gateways, simply because their reputation is at stake every time the gateway is used.

To code something from scratch that handles CC payments in a highly secure way would be very time consuming, and then the testing and deployment of the application would probably take even longer than its creation.

Finally after all that effort, if you forgot to cover even the smallest security issue, you could end up in a very sticky situation with both your customers and the local authorities.

Most merchant accounts with banks (the accounts that allow you to process credit cards when the customer is not present) will insist you use their gateway anyhow.

I personally am not a fan of PayPal and the way they do business; however, it is the best gateway for people who do not have access to merchant facilities of their own. When people go to pay for something I believe they are reassured by the PayPal logo and thus more likely to buy.

The downside of course is the terrible chargeback system, where the seller usually loses out.

YMC
Thu 10 April 2008, 07:29 am GMT +0200
I think any web designer should tread very carefully when asked to create a payment system. If something goes wrong there is the issue of liability for both the company and the web designer. I would hate to see anyone get sued or held financially responsible if the credit card information ends up getting stolen and used to make $xxxx's in fraudulent purchases.

aaron_s
Sat 12 April 2008, 08:52 pm GMT +0200
I would tend to agree. Working with CC information and health insurance information daily, I can tell you how much QA and insurance we have to run these types of gateways.

You can do a lot of work with the various cashier websites out there. I would never, ever accept a contract that would require anything but that.

Archive for SMF v1.00 by N.P. Valid XHTML 1.0 Transitional