Keep in mind that using SSL to send a card number from a browser to a server is like covering your credit card number with your thumb when you hand your card to a cashier in a restaurant: your thumb (SSL) prevents other customers in the restaurant (the Net) from seeing the card, but once the card is in the hands of the cashier (a web server) the card is no longer protected by the SSL exchange, and the cashier could be doing anything with that card. Access to a saved card number can only be stopped by the security on the web server. Ie, most card thefts on the net aren't done during transmission, they're done by breaking through poor server security and stealing databases.

整个过程有很多。最简单的方法是使用类似paypal的服务，这样你就不会实际处理任何信用卡数据。除此之外，要获得批准在你的网站上提供信用卡服务，还有很多事情要做。你可能应该和你的银行谈谈，以及给你发商户ID的人帮助你设置这个过程。

Keep in mind that using SSL to send a card number from a browser to a server is like covering your credit card number with your thumb when you hand your card to a cashier in a restaurant: your thumb (SSL) prevents other customers in the restaurant (the Net) from seeing the card, but once the card is in the hands of the cashier (a web server) the card is no longer protected by the SSL exchange, and the cashier could be doing anything with that card. Access to a saved card number can only be stopped by the security on the web server. Ie, most card thefts on the net aren't done during transmission, they're done by breaking through poor server security and stealing databases.

我想补充一个非技术的评论，你可能会想一下

我的几个客户经营着电子商务网站，其中包括一对拥有中等规模商店的夫妇。这两者，虽然他们当然可以实现支付网关，但他们选择不，他们获取cc号，将其临时加密在线存储，并手动处理。

他们这样做是因为欺诈的高发率和人工处理允许他们在填写订单之前进行额外的检查。我被告知他们拒绝了20%多一点的交易——手工处理当然需要额外的时间，在一个案例中，他们有一个员工除了处理交易什么都不做，但如果他们只是通过在线网关传递抄送号码，支付他的工资的成本显然比他们的风险要小。

这两个客户端都提供具有转售价值的实物商品，因此特别容易暴露，对于像软件这样的产品，欺诈性销售不会导致任何实际损失，但如果您真的想要实现在线网关，则值得考虑在线网关的技术方面。

编辑:既然给出了这个答案，我想加上一个警世故事，说这是一个好主意的时代已经过去了。

为什么?因为我知道另一个线人也在用类似的方法。信用卡的详细信息被加密存储，网站通过SSL访问，处理后立即删除号码。你觉得安全吗?

他们的网络上没有一台机器受到密钥日志木马的感染。结果，他们被认定为几张伪造分数信用卡的来源，并因此受到了巨额罚款。

因此，我现在从不建议任何人自己处理信用卡。自那以后，支付网关变得更具竞争力和成本效益，欺诈措施也得到了改进。现在冒险已经不值得了。

我可以删除这个答案，但我认为最好还是编辑一下，作为一个警世故事。

As others have mentioned the easiest way into this area is with the use of Paypal, Google checkout or Nochex. However if you intend to to a significant amount of business you may wish to look up "upgrading" to higher level site integrations services such as WorldPay, NetBanx (UK) or Neteller (US). All of these services are reasonably easy to set up. And I know that Netbanx offers convenient integration into some of the off the shelf shopping cart solutions such as Intershop (because I wrote some of them). Beyond that you are looking at direct integration with the banking systems (and their APAX systems) but thats hard and at that point you also need to prove to the Credit card companies that you are handling the credit card numbers securely (probably not worth considering if you are not taking $100k's worth per month).

从第一个到最后一个的成本/好处是，早期的选择更容易(更快/更便宜)设置，让你为每笔交易支付相当高的手续费。后期的设置成本要高得多，但从长远来看你付出的更少。

大多数非专用解决方案的另一个优点是，您不需要保持加密的信用卡号码的安全。那是别人的问题:-)

一定要了解PCI所需的额外工作和预算。PCI可能需要巨额的外部审计费用和内部努力/支持。此外，要注意可能单方面对你征收的罚款/处罚，通常与“违法行为”的规模不成比例。