[Forminator Pro] Forminator accepting sensitive data

Hi there,
Assuming I have SSL activated on the site with Forminator, would it be okay to accept "sensitive data", for example credit card info? I have a service where I create a CRM account for my clients and need their payment info in order to do so. So my Forminator form would NOT be processing any payments, simply collecting the data securely for me to manually register their account with the CRM service. I wasn't sure if this is frowned upon or not. Obviously the site already has SSL activated. Thoughts?

  • Adam Czajczyk

    Hi twinsmagic

    I hope you're well today and thank you for your question!

    That's a great question but I don't think it's a matter of using Forminator or any other form plugin and having SSL or not. The main concern here would be law issues in my opinion. I'm not an expert in that area but as to my knowledge in most collecting credit card details in that way might actually violate some laws or at least banks'/credit card issuers' regulations.

    To be able to do it you'd need to be PCI compliant (and probably also meet some other, legal requirements) and there are different levels of it. If you don't store credit card data, that's fairly easy and in fact having the site properly secured, an SSL protocol implemented and the "legit" payment gateway used on site - should be enough (apart from other things like the company being officially registered etc). But if you do store credit card data and process them that might become much more complex and quite costly too from what I know.

    There's more information about PCI Compliance here:

    https://www.pcicomplianceguide.org/faq/

    I realize that many companies do ask you to add your credit card data that they seem to store - and they often do (such as e.g. Airbnb or Netflix and similar) - but they are usually big companies that not only took care of all the necessary "tech" and legal requirements but also rarely do process any of that data on their own as they are also using solutions/technologies from their partners to process payments.

    To sum it up, due to legal reasons and possible responsibility in case of any "data leak", personally, I wouldn't risk storing customers' credit card data. Instead I'd use a payment gateway.

    But that being said, please note that I'm not a lawyer and we, as a company, are also not a "law company" so what I wrote above is according to my knowledge but please consider it my personal opinion only. Please do consult a professional lawyer about the case.

    Kind regards,
    Adam
