7-8-09 need opinions / ideas on best way to design an online conference registration site

> I am in the "thinking" phase of creating an online conference  
> registration site that has these criteria:
>
> As part of your registration, users must:
> - login as either an existing "member"
> or
> - create a new member record
>
> Users can purchase:
> - a "package"
> - a la carte
> - a mixture of package and a la carte  (if you do this then some of  
> the a la carte items have different prices)
>
> And - maybe - still to be decided:
> - different kinds of existing members pay different prices
>
> Each registration item has a limited quantity and as spots are  
> filled the item becomes less available.  Spots can be filled via  
> "package" or "a la carte" or the mixture of package and a la carte  
> registrations.
>
>
> And,
> - at "checkout" the member's credit card information needs to be  
> captured but NOT submitted to the credit card processor (they do  
> that manually in house and keep the cc info in electronic form until  
> it has been manually processed - not changing this process)
>
>
> Another thing might be:
> - a form to edit your contact info
>
>
> The web site will use Lasso and must write to their existing  
> FileMaker database.
>
>
> Currently I'm thinking of doing something similar to:
>
> https://www.toastmasters.org/convenreg/
>
>
> But am looking at all options.  Looking for any suggestions on the  
> entity relationship design, web design, etc.
>
>
> THANKS IN ADVANCE for your comments!
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "It's better to burn out than to fade away."
>
> Tami Williams
> Creative Computing
> Improve, manage and unify data with custom database and web  
> applications.
> FileMaker and Lasso specialist.
>
> Tel: 770.457.3221
> Fax: 770.454.7419
> E-Mail: tami@...
> Web: http://www.asktami.com
>
> FileMaker Solutions Alliance Associate | Lasso Professional Alliance  
> Member
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

> On Wednesday, July 8, 2009, lasso@... (Tami Williams)  
> pronounced:
>
>> - at "checkout" the member's credit card information needs to be
>> captured but NOT submitted to the credit card processor (they do that
>> manually in house and keep the cc info in electronic form until it
>> has been manually processed - not changing this process)
>
> Just on this point, and if the client has an Authorize.net account,  
> you don't have to store the PAN on the client system.  The A.net  
> gateway returns a response with a transaction ID which can be used  
> later for capturing authorized funds (usually within 30 days).  
> Just store the transaction ID in FM, then submit the transaction  
> again as a PRIOR_AUTH_CAPTURE.
>
> You could go even further with CIM instead of AIM, where you can  
> store customer profiles, credit card numbers and shipping profiles  
> on Authorize.net servers instead of the client's.
>
> --steve
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy               Web Site Builder               Soquel, CA
> <web@...>                  <http://www.StevePiercy.com/>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

>The thing is they don't want any kind of transaction done (not even  
>Auth_Only) by an automated system of any kind.  They don't want to  
>pay for any transactions except the ones they manually do themselves.
>
>
>On Jul 8, 2009, at 6:13 PM, Steve Piercy - Web Site Builder wrote:
>
>> On Wednesday, July 8, 2009, lasso@... (Tami Williams)  
>> pronounced:
>>
>>> - at "checkout" the member's credit card information needs to be
>>> captured but NOT submitted to the credit card processor (they do that
>>> manually in house and keep the cc info in electronic form until it
>>> has been manually processed - not changing this process)
>>
>> Just on this point, and if the client has an Authorize.net account,  
>> you don't have to store the PAN on the client system.  The A.net  
>> gateway returns a response with a transaction ID which can be used  
>> later for capturing authorized funds (usually within 30 days).  
>> Just store the transaction ID in FM, then submit the transaction  
>> again as a PRIOR_AUTH_CAPTURE.
>>
>> You could go even further with CIM instead of AIM, where you can  
>> store customer profiles, credit card numbers and shipping profiles  
>> on Authorize.net servers instead of the client's.
>>
>> --steve
>>
>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>> Steve Piercy               Web Site Builder               Soquel, CA
>> <web@...>                  <http://www.StevePiercy.com/>
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
>
>--
>This list is a free service of LassoSoft: http://www.LassoSoft.com/
>Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

> Does their merchant account charge them for an AUTH_ONLY  
> transaction?  I assume that the gateway and merchant account fees  
> are less than $0.50 total for that type of transaction, whereas for  
> a PRIOR_AUTH_CAPTURE then the percentage (qualified discount rate  
> around 2-5% of the transaction amount) kicks in.  Maybe I'm wrong  
> and maybe it depends on the merchant account provider, but it would  
> be worth verifying.
>
> I would argue that it makes sense to place an AUTH_ONLY when the  
> order is submitted for these reasons:
>
> (1)  The authorization holds the funds on that card immediately if  
> available, else informs the customer of an error.
>
> (2)  Avoids storing PAN on systems that may be vulnerable to  
> security breaches, so it limits the client's exposure to risk and  
> liability.
>
> (3)  The AUTH_ONLY would be stored in a facility immediately so  
> that the data could be recovered in the future in case of a  
> disaster with the client's internal system.
>
> Sometimes walking a client through scenarios of what would happen  
> when PAN is stolen, or if their internal systems fail (hard drive  
> failure and no RAID, no backup), is enough to sober them up and  
> realize that hope is a lousy security policy.
>
> --steve
>
>
> On Wednesday, July 8, 2009, lasso@... (Tami Williams)  
> pronounced:
>
>> The thing is they don't want any kind of transaction done (not even
>> Auth_Only) by an automated system of any kind.  They don't want to
>> pay for any transactions except the ones they manually do themselves.
>>
>>
>> On Jul 8, 2009, at 6:13 PM, Steve Piercy - Web Site Builder wrote:
>>
>>> On Wednesday, July 8, 2009, lasso@... (Tami Williams)
>>> pronounced:
>>>
>>>> - at "checkout" the member's credit card information needs to be
>>>> captured but NOT submitted to the credit card processor (they do  
>>>> that
>>>> manually in house and keep the cc info in electronic form until it
>>>> has been manually processed - not changing this process)
>>>
>>> Just on this point, and if the client has an Authorize.net account,
>>> you don't have to store the PAN on the client system.  The A.net
>>> gateway returns a response with a transaction ID which can be used
>>> later for capturing authorized funds (usually within 30 days).
>>> Just store the transaction ID in FM, then submit the transaction
>>> again as a PRIOR_AUTH_CAPTURE.
>>>
>>> You could go even further with CIM instead of AIM, where you can
>>> store customer profiles, credit card numbers and shipping profiles
>>> on Authorize.net servers instead of the client's.
>>>
>>> --steve
>>>
>>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
>>> Steve Piercy               Web Site Builder               Soquel, CA
>>> <web@...>                  <http://www.StevePiercy.com/>
>>>
>>> --
>>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>>
>>>
>>
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy               Web Site Builder               Soquel, CA
> <web@...>                  <http://www.StevePiercy.com/>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

> Can we get some shirts screenprinted?
>
> On Jul 8, 2009, at 6:42 PM, Steve Piercy - Web Site Builder wrote:
>
>>  hope is a lousy security policy.
>
> Brian Loomis
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>