What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Security of website/ Form

    Asked by ultrakr on August 02, 2013 at 06:33 PM

    http://form.jotformpro.com/form/31978407309967

    Above is the sample form I created to register and take payments online. I have embedded the form into my website as source code and clicked the button to secure.

    When I get to the part on 2nd page to pay with credit card. the authorize net payment tool pops up allowing me to input my credit card information. below is the link 'test' on my website.

    http://www.happyfeetla.com/content.cfm?section=1E2814F2-D7CF-4261-B043-CAF596F24840&content_id=1E2814F2-D7CF-4261-B043-CAF596F24840&program_id=49442A2E-CCF1-5CBB-30AD6C80824CE3F3

    At this point as the customer is putting their information in the page is not secure.

    When I go ahead and do pay, the payment is accepted and I get this customized thankyou message that I created:

    https://submit.jotformpro.com/submit/31978407309967/ -

    I realize that you will not be able to see it so i took a picture and have it below.

     

    SO MY QUESTION IN ALL OF THIS... are my customers secure when making a payment? I know the payment was accepted by authorize net but I have no way to telling or showing that on the form page it is secure when inputting and submitting credit card information. what can be done? what direction should I go to correct this problem?

    Page URL:
    http://www.happyfeetla.com/index.cfm?program_id=49442A2E-CCF1-5CBB-30A<br/>D6C80824CE3F3

    Screenshot
    problem source message payment tool
  • Profile Image
    JotForm Support

    Answered by tasha_ize on August 02, 2013 at 07:06 PM

    HI,

     

    To ensure the security of your form you need to use a secure URL. For more information on how to do this please review the following link, http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions

     

    Please let us know if you still have any concerns.

     

    Thanks!

  • Profile Image

    Answered by ultrakr on August 06, 2013 at 09:08 PM

    OK, but even if they form is secure, the website does not show that it is https:

     

    So how do I know it is secure or better yet how do my customers know?

  • Profile Image

    Answered by ultrakr on August 06, 2013 at 09:14 PM

    I would really wish to discuss this matter with someone over the phone. I am getting ready to look at a different form creator. It's a little difficult to go back and forth. SSL does not mean PCI compliance so I have feel like I was mislead.

  • Profile Image
    JotForm Support

    Answered by jonathan on August 06, 2013 at 10:33 PM

    @ultrakr

    Hi,

    Update: JotForm is PCI DSS compliant. We have PCI Service Provider Level 2 certificate. We'd happy to provide certificate to any users who would need it for their payment gateway. Just contact our support team. 

    Sorry but we do not have PCI Compliance Certificate.

    However, we do support SSL submissions and enabled SSL sealed for your secured forms. This would give a greater assurance of security to the form users knowing that transaction sessions may have up to 256-bit encryption strength.

    Just to clarify, SSL is only a part of PCI (Payment Card Industry) requirement. They are not the same thing. Do not be mislead about this. 

    If you are using Authorize.Net, the most you can achieved is the SSL submissions.

    BUT you must also set your website to be able to support SSL.
    Laest I checked your website http://www.happyfeetla.com/ is it does not support SSL.

     

    JotForm do have a pament field that you can use that is PCI compliant. Please check the Stripe Payment integration here . Though Stripe currently supports form US and Canada for now.

    And to let you know ahead (in case you want to try Stripe)

    On stripe forms, the credit card data is sent to the PCI compliant stripe servers on the browsers. So, they never pass through JotForm or your own servers. That's 100% PCI compliant.

     

    Hope this help. Please contact us again anytime should you have further inquiry.

    ----

    Sorry also, but we do not provide over the phone support at the moment. You may continue using this suppor forum and the email for your inquiry.

    Thanks.

     

     

     

     

  • Profile Image
    JotForm Founder

    Answered by aytekin on August 02, 2016 at 09:00 AM

    Update: JotForm is PCI DSS compliant. We have PCI Service Provider Level 2 certificate. We'd happy to provide certificate to any users who would need it for their payment gateway. Just contact our support team.