I want to make sure I collect user input for CIM in line with best practice. Would someone mind sharing their experience?
1) Not all cards have expiration dates so this is an optional field. Should I have a card type dropdown that hides/reveals dynamically required fields such as Card Code and Expiration Date?
2) I have a very strong SSL certificate, but should I also veil the Card Code field like a password field? If yes, are there any other fields that should be treated in this manner?
3) The payment form is hidden if the HTTPS protocol is not being used, as an additional safeguard. (The page forces HTTPS anyhow).
4) Any other tips/pointers?
1) That, or if you really want to, use this http://en.wikipedia.org/wiki/Bank_card_number to figure out if card code and expiration date are required.
2) Do you mean saving it in your database or just * it out on the input?
3) Yes, the payment form needs to be in HTTPS.
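
The reply's first suggestion (use the card number's leading digits to decide which fields to require) could look like the sketch below. This is an added example, not code from either poster: the prefix table is a small constructed subset of the ranges on the linked Wikipedia page, and the `code`/`expiry` flags (including the Maestro entry) are assumed policy values, not facts from this thread.

```javascript
// Added example, not from the original posts. RULES is a constructed subset of
// the IIN prefixes on the Wikipedia page; the code/expiry flags are assumed
// policy values to be confirmed with your payment processor.
const RULES = [
  { brand: "amex",       ranges: [[34, 34], [37, 37]],     code: true,  expiry: true },
  { brand: "mastercard", ranges: [[51, 55], [2221, 2720]], code: true,  expiry: true },
  { brand: "visa",       ranges: [[4, 4]],                 code: true,  expiry: true },
  // Assumption for illustration: treat these Maestro prefixes as optional-field cards.
  { brand: "maestro",    ranges: [[5018, 5018], [6759, 6759]], code: false, expiry: false },
];

// Strip spaces and hyphens; reject anything that is not 12-19 digits.
function normalize(input) {
  const digits = String(input).replace(/[\s-]/g, "");
  return /^\d{12,19}$/.test(digits) ? digits : null;
}

// Luhn checksum: catches typos before the number is sent anywhere.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Compare the leading digits against each [low, high] prefix range.
function detectBrand(digits) {
  for (const rule of RULES) {
    for (const [lo, hi] of rule.ranges) {
      const prefix = Number(digits.slice(0, String(lo).length));
      if (prefix >= lo && prefix <= hi) return rule;
    }
  }
  return null;
}

// Decide which fields the form shows as required. Unknown or invalid input
// fails closed: both fields stay required.
function requiredFields(input) {
  const digits = normalize(input);
  const rule = digits && luhnValid(digits) ? detectBrand(digits) : null;
  return rule
    ? { brand: rule.brand, code: rule.code, expiry: rule.expiry }
    : { brand: "unknown", code: true, expiry: true };
}
```

The result only drives which inputs the form shows as required; the server has to repeat the same decision on submit, since anything computed in the browser can be bypassed.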