7
Ederbit
6y

Legal Question regarding E-Commerce / Credit Card Payments.

The User sends his Credit Card Information (number/expiration Date/Safety Number) over email to the vendor. The vendor types this info from the email into a Credit Card Terminal.

Is this even legal? I thought when listing Credit Card Payment you have to use a PSP (Payment Service Provider) that conforms to the security regulations etc.

Comments
  • 2
    @DLMousey Thanks for the long post! Might be legal then, but if you do it and shit hits the fan, you're liable. I guess.
  • 2
    >User sends his Credit Card Information (number/expiration Date/Safety Number)
    Holy shit, that is like ultra illegal nowadays, this is not the 90s anymore
    https://pcicomplianceguide.org/faq/
  • 1
  • 1
    Are you perhaps in charge of making a custom payment gateway? Assuming that is the case, the bank that approved you will have given you access to the Bank Credit Card network's server API, then you could use something like this http://omnipay.thephpleague.com/gat... assuming you have properly set *every* minuscule detail that PCI compliance forces you to have .... you are better off using something that has already done that and paid their commission, like Stripe. Or are you looking for a local payment option? I know some of them if you want to know
  • 1
    @legionfrontier Yep doing just that.
    Implementing Payment methods into a Webshop. Not planning on doing credit card information processing myself though.

    The customer's initial idea was to have a form on the website that takes the credit card information and stores it on the backend of our CMS. He then uses his credit card terminal to bill the customer. I already told him that I am not going to do that and instead use a Payment Service Provider and the Acquirer that he already uses for his cc terminal.

    He told me he used to do that via Email, and I wondered if that is even legal. I still don't know if it's legal but it is definitely a stupid idea. ^^
  • 1
    @Ederbit like I told you, don't even think of doing that, it is ultra illegal. First of all, to process payments your entire business has to be registered in your country as a payment facilitator, then the bank that will underwrite you to enter with their Mastercard/VISA network endpoint has to approve you to use them, which is virtually impossible nowadays, then you have to be PCI compliant, which absolutely forbids you to store *any* non-tokenized info of the client, and I can go on and on about how abysmally illegal what the stupid client wanted to do is. If you have ever used a credit card or any service where you give out your secret numbers, what makes you think it couldn't be abused to steal money from the user without giving a single shit?
  • 0
    @legionfrontier Like I said, I'm not doing that. Don't worry :)