I have a client who outsources his website development work to me. The current client I am doing work for wants to accept credit card transactions online via donations and a joining fee.
I informed my client that his client's easiest route would be PayPal and second would be through their bank's online merchant service. Apparently, they are insisting that the credit card information is emailed to them and they process it manually. Through email I have told my client that it's not secure enough. Even with SSL on the server and if they connect to the email server with SSL, it's still not secure. The webserver and email server are on the same box.
I gave them the only way I would be comfortable with not using a merchant service, but the cost for me to code all that was very high and they didn't want to pay.
So, my ethical dilemma is whether or not I refuse to put in the code to email the CC info since I know it's not secure even though I have informed them.
So what do you guys think?