I'm trying to accept customer's card then call Paypal's Rest API to make a payment. I see in the PHP sample code, https://github.com/paypal/PayPal-PHP-SDK/blob/master/sample/payments/CreatePayment.php , it kind of assumed a card is known.
My concern is about how to get customer's credit card info SECURELY. If i just use some http input field, would it be vulnerable on the internet? If yes, what should I do to prevent the card from leaking into some hackers hands. Thanks!
PS: I'm using Codeigniter frame work, would be hosted by godaddy Linux server.
PPS: Currently I guess i need to make my payment page a HTTPS, any direction about how to achieve that (if needed) would be appreciated.
You will need to be PCI compliant to process credit card numbers on your end. Payment Card Industry (PCI) security standards are minimum requirements for protecting your customers' payment card information. Adopted by Visa, MasterCard, American Express, Discover Card, and JCB, PCI compliance is required for all merchants that store, transmit, or process payment card information.
More info