Trusting Customers To accept online credit card payments with a minimum level of confidence you need two services: a merchant account - either your own or access to one via a third party - and real time authorisation. Taking credit card payments online for overnight processing is commercial insanity. Anyone can create credit card details which will pass validation checks - including expiry dates - using one of dozens of freely available programs on the Net. In practice, realtime credit card transactions are pre-authorised to a set value provided the vendor checks card numbers against a supplied hot list. Transactions over the limit must be authorised. This doesn't guarantee you'll be paid but it eliminates the more incompetent criminals. Authorisation is a two part process. First the customer sends in the order by secure form (using SSL). The details on the card and the amount are then sent from your server to the authorising company (only larger concerns deal directly with banks). The authorising company runs the check with the card issuing bank then authorises or denies it immediately.