SSL Certificate can confident your potential clients. Don't need to buy very very expensive SSL Cert. I suggest you go for GlobeSSL, only $16 bucks. But it make your clients feel safer and more likely to do business with you. And make sure you have the SSL SEAL put on very very visible part of your site and every pages. Little investment, and more sales. Client happy, you happy, ssl cert company happy too. lol
i wonder if any of you have heard of PCI and its requirements. If you are collecting cc data without encryption, and you get caught, someone from the PCI (visa, mc, amex, disc) could shut you down and fine you. The requirements for people doing <20k transactions are fairly easy, but encryption of cc data is one tenant. actually, you need to have your systems scanned every quarter and resolve any findings. Only certain companies are certified to perform this scan. All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data. PCI SSC is responsible for managing the security standards while each individual payment brand is responsible for managing and enforcing compliance to these standards. For questions regarding compliance validation requirements and deadlines as well as compliance reporting requirements, we recommend that you contact your acquirer. For more information regarding the PCI security standards and supporting documentation, including the “Navigating the PCI DSS†as well as targeted Self Assessment Questionnaires to assist small and medium merchants, please visit the PCI SSC website at: www.pcisecuritystandards.org.