SET-Who Needs It?
By Lincoln D. Stein
A few weeks ago I set up a system for a client that allowed him to take credit-card orders over the Web. It was a painless operation. Despite the fact that I had never done such a thing before, the entire process -- from planning through execution through testing -- took the lesser part of an afternoon.
All I had to do was point a fill-out form at a CGI script run by a credit-card validation service, a company called Web-Order, and include several hidden fields that indicated the cost of the merchandise that the user was purchasing and an internal reference number. The validation service's CGI script, using SSL encryption, did the hard part: prompting the user for credit-card information, validating the card number, authorizing the purchase (via a service provided by the
CyberCash company), and finally calling my own CGI script with parameters that indicated that the purchase had been approved. The only thing left for my script to do was to enter the order information into my client's database for later processing and display a confirmation page to the satisfied user.
Setting up the basic system was easy. The hardest chore would be dealing with the red tape of setting up a merchant's account at the bank -- a task my client had already taken care of. Dissatisfied, I went on to make the job a little more challenging by adding an extra layer of security to the system.
