Making an order form is a typical goal for a large number of Formsite account owners and the most common need is to collect credit card payments. We have made it easy and secure by building our payment systems that are integrated with the form and results. Our integration means that collecting the credit card numbers is done by the payment processor, and tracking the transaction status and history happens automatically.
The integrations with PayPal, Authorize.net, and Stripe are built to connect your Formsite form directly to your payment account so that there is no need to collect credit card information. This is important because it completely removes the risk of the payment information falling into the wrong hands.
Protecting Against Identity Theft
Having a credit card stolen is a giant inconvenience and potentially a life-changing event. With our personal assets easily available digitally, protecting that information is an important concern. When customers complete order forms and enter their credit card numbers, most people don’t think twice about where that information goes and where it’s stored.
Formsite’s payment integrations work by connecting the visitor directly with the payment collecting companies so that the credit card information is not recorded in the form results. Since the numbers are not part of your results table, you’re not responsible for the safe handling of this information.
Collecting Credit Card Information
There are legitimate needs for many organizations to collect the credit card information, like when the transaction is to be completed at a later date or if there is an offline system to be used. In these cases, collecting and storing the sensitive information is unavoidable and extra care must be taken to prevent data exposure.
- Use the Credit Card item: Be sure to use the appropriate item in your form so that the system can help you stay secure. The Credit Card item is a special form of a text input field that tells the system of your intent and will activate additional security features. Using a standard Short Answer or Number item does not activate these features.
- Secure Form: Go to your Form Settings -> Security page to activate your Secure Form setting, which tells the form system that your form is collecting especially sensitive information. This setting prevents accidental non-secure access and actions, and provides prompts and recommendations where possible.
- Encryption: The Credit Card item also automatically turns on the encryption for the item, which uses a protected method of jumbling the value so that it’s not readable. The value is un-jumbled when it is needed so that it’s readable again.
Credit Card Security
What are the possible ways that information can be exposed and how does Formsite help to prevent it?
- Email: Email is not secure, regardless of whether you use a secure connection to read it. Connecting to your account that starts with ‘https’ is good to protect from anyone snooping on you at that moment. Unless you take precautions, however, email contents are sent in clear text, which means that anyone who intercepts the email can read it.Aside from encrypting the emails, the next best method of protecting the information is to not send it at all. Instead, Formsite has a Secure Link format available for email notifications that send the recipient a link to a password-protected web page to view the information.
- Personal: Another security layer is Formsite’s masking of the information in all Credit Card items in most places so that only the last 4 numbers are visible. This automatic protection helps to protect against exposure by requiring the proper security measures to view the entire number, such as logging into the Formsite account and viewing the individual result through a secure web browser.
If you have any questions about collecting payments with credit cards, Formsite’s security, or any other question, feel free to contact our support staff at any time.