Hello there. I am completely a newb let me say first off and this is the first time I have ever dealt with a shopping cart while building a website. I stumbled across some source code that gave me pretty easy instructions that I followed. I set everything up, and the way it shows me that this works goes like this.....
A customer adds an item to the cart, then checks out and enters the credit card information and everything. It then instructs me to go to my cgi file where I will find a list of all my orders along with the credit card information that each customer has entered and everything.
This is where my question comes in. Loading the cgi file in a new window can be done by anyone in the world on any computer. Of course it requires admin username and password, but IF someone managed to get ahold of the username and password they would then be able to just log in and steal all of that information. Is this the normal way to go about receiving credit card payments?? It just seems so insecure to me. In my mind I was thinking that when someone pays with a credit card, the transaction automatically goes to a third party site and I (the site owner) don't even have to see the credit card information at all.
Any information would be a great help. Is there a much more secure way of going about this? Is it normal that I will take all of these credit card numbers and then process them myself manually?
Thanks in advance!