I have a client who wants to accept donations via credit card using a secure method on their website, but rather than processing the information in real time, they want the submitted credit card info sent to them via email, which they will then enter manually using an existing payment system. My recommendation was to avoid anything that involves CC info being transmitted in an email and instead just use PayPal for real-time payment processing, but this is what they want. Is there a way to do this?
That woud breach PCI compliance and possibly bring about a whole lot of hurt from law suites.
Thyere is no legal way to send credit card information via email. Credit card information is not allowed to be stored on computers on the internet and all mail servers are on the internet.
Given the need for many merchants to access a customer’s billing some merchant providers have developed a key-based system which allows a website to initiate a secure transaction and then returns an identifier to reference to for future edits / charges. This is not the same of course as having the credit card number its self but since that’s not allowed it can be a viable option.