http://ask.metafilter.com/111755/Data-And-Money-Exchange/ Comments on Ask MetaFilter post Data And Money Exchange Thu, 15 Jan 2009 11:36:55 -0800 Thu, 15 Jan 2009 11:36:55 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://ask.metafilter.com/111755/Data-And-Money-Exchange I need my customers to send me confidential data with a payment. I work for a regulatory agency that currently collects applications in paper based form with a physical signature including a check for payment. We would like to implement a industrial strength 'e-filing' solution. Where do I start? My Google-Fu and Delicious-Fu are failing me. I need to find information on 2009 best practices for capturing data ( e-forms, rest, edi ), identity management, security ( digital certs, etc ), and payment gateways ( direct debit, credit cards ). I also need to know what vendors are leading in these spaces. I am not really looking for a 'e-commerce' solution. I am looking for a 'secure electronic forms submission with payments and non-repudiation' solution. My company would need to host this in our data center. I would like to offer my customers multiple ways to submit and pay. post:ask.metafilter.com,2009:site.111755 Thu, 15 Jan 2009 10:38:40 -0800 kaizen efiling eforms ecommerce digitalcertificates ssl payment http://ask.metafilter.com/111755/Data-And-Money-Exchange#1606690 This is a pretty tall order. Sounds like it's worth spending a few bucks + hours on an independent consultant who has implemented several of these systems before. Can you ask staff at any sister agencies with similar needs how they have implemented their solutions? comment:ask.metafilter.com,2009:site.111755-1606690 Thu, 15 Jan 2009 11:36:55 -0800 benzenedream http://ask.metafilter.com/111755/Data-And-Money-Exchange#1606792 If you'll be storing customer credit card information you need to be intimately familiar with <a href="https://www.pcisecuritystandards.org/">PCI Security Standards</a>, at the very least. comment:ask.metafilter.com,2009:site.111755-1606792 Thu, 15 Jan 2009 13:12:53 -0800 odinsdream http://ask.metafilter.com/111755/Data-And-Money-Exchange#1607333 Yeah, this is tough to do by yourself. It would be best to bring in a consultant who knows the best practices for doing this. Case in point: My state implemented a web page to renew your car's license tabs and pay with a credit card. It operated for a couple of years until an insecurity was noticed and the page was taken down. Big stories in the news, big public awareness. So the question you have to ask yourself is, do you want to be responsible for building web page that isn't as secure as it's supposed to be, and have to face the damage that does to your career? comment:ask.metafilter.com,2009:site.111755-1607333 Thu, 15 Jan 2009 21:56:32 -0800 exphysicist345