Hi Will & All, Both of these questions can and should be addressed by a method and service hat is built specifically for it. In this case, a proper payment gateway service attached to a Card Not Present merchant account is simply the most secure and reasonable way to accomplish these requirements. I'll use Authorize.net as my example. First, recurring billing is a feature that may be implemented for an additional $10.00 per month. It is referred to as "Automated Recurring Billing" or simply "ARB" for short. Secondly, there are various modes of credit card capture available. When you refer to a card being charged immediately, this is known as "Authorize and Capture". Technically, the funds are not even withdrawn until batch settlement occurs (as in the case of Authorize.net) which happens at the end of the day. That means that if the client needed to void the transaction and did so before batch settlement, they would avoid a costly chargeback (a chargeback is a (roughly) $30 processing fee to reverse transactions that have already "hit" the card, if you will). The end of the day is 4:00pm based on Mountain Standard Time for Authorize.net and will vary based on which Payment gateway service you use. That means you would have up until 6:00pm to reverse a transaction with no additional cost. If you would prefer to not capture a card immediately, then the mode to use is simply "Authorize" and is a standard feature offered by providers such as Authorize.net. Then, once product fulfillment can be guaranteed, simply log into the merchant account and capture the payment. Now, to address the third issue which actually does not seem to have been brought up directly - PCI - DSS standards. This is perhaps the most important reason to encourage your client to invest in a proper payment gateway service provider. In the wake major security breaches (think of the T.J. Maxx debacle where the billing information of millions of clients was stolen), The Payment Card Industry banded together to create a universal set of data security standards which would help to reduce the risk of credit card fraud and therefore reduce the cost of processing credit card transactions. By working with a reputable payment gateway service provider, you are ensuring that transactions are meeting these standards. You should look for a provider that is compliant with the latest pci data security standards. Finally, you must ensure that your e-commerce system does not store a full credit card number. The gateway will do this for you if necessary (as is the case with Authorize-only style transactions) though they protect that information so that no one could log in and take a customer's payment information for their own fraudulent use. In fact, with these standards in place and when they are followed correctly by a compliant service provider, they are much more secure than using your card in a traditional way, where prying eyes can simply copy your credit information when you pay for something! So, really, the answer to all these questions is quite clear - leave it to the professionals and encourage your client not to try and save a buck when it comes to payment security and features. The last thing they need is to have their card processing services revoked or lawsuits because they wanted to save a measly 40 or 50 bucks a month. Gateway providers have the functionality needed to run an online business, and they worry about the risks of transmitting storing and processing so you don't have to. When you look at the cost of these services, remember that they are taking the risk off your shoulders as much as they can, and that is a great value for the monthly cost. For more information on PCI-DSS standards, follow this link: https://www.pcisecuritystandards.org/ Regards, Fred Bliss >1. The need to make recurring installment payments on a purchase >2. They do NOT want to use a service that charges the card immediately - even though it might be more secure - because they need to insure that the item being purchased (for example, registering for a class) is both appropriate for and still available. Once approval is made the CC transaction is run. Clients that have used services that charge the card immediately in this type of situation report having to reverse up to 25% of the charges for various reasons, which is a real waste of time. Will Loving wrote: > ** The author of this post was a Good Dobee. > ** You too can help the group > ** Fill out the survey/skills inventory in the member's area. > ** If you did, we all thank you. > > > I've been following this thread with some interest as I'm needing to address > some similar issues. A couple of reasons why I know some clients might want > to store the CC information are: > > 1. The need to make recurring installment payments on a purchase > > 2. They do NOT want to use a service that charges the card immediately - > even though it might be more secure - because they need to insure that the > item being purchased (for example, registering for a class) is both > appropriate for and still available. Once approval is made the CC > transaction is run. Clients that have used services that charge the card > immediately in this type of situation report having to reverse up to 25% of > the charges for various reasons, which is a real waste of time. > > If someone has experience with either of these scenarios I would be > interested in hearing your thoughts... > > Will > > Will Loving, President > Dedication Technologies, Inc. > >