TalkPHP

TalkPHP (http://www.talkphp.com/forums.php)
-   MySQL & Databases (http://www.talkphp.com/mysql-databases/)
-   -   store credit card info (http://www.talkphp.com/mysql-databases/3841-store-credit-card-info.html)

ahlofan 01-07-2009 10:26 AM
store credit card info
 
Is it a bad idea to store credit card information in database? Or what about if i encrypt the information? And I kind of heard that storing credit card info is illegal? isn't it?:-/

Wildhoney 01-07-2009 11:57 AM
Yes, that's illegal. PayPal amongst others will be the answer regarding this.

KingOfTheSouth 01-07-2009 09:56 PM
Yes it is plus a very bad idea anyway. If the database were to be hacked then there would be all kinds of information for the hacker to use. If someone buys credits or subscription on my site all I get is a transaction ID from Paypal and date it was bought and all that...

Dr John 01-08-2009 09:54 AM
Legally, you'd have to start by applying to the Data Registar for permission to do this, you'd have to tell the user that you stored this data, then you'd have to make it VERY secure, then you become a hackers' target when your site's privacy policy states you do this, then you lose customers who are worried you'll lose their data, then you go out of business...

Other than just names, address, tel nos, membership details (for a club), and a few other simple things (employee details for example, or sales details), you need to speak to the Data Registrar to store personal info. And even the above may soon require you to be registered.

So credit cards - not a good idea

wjgilmore 06-11-2009 10:18 PM
Ditto what the others said, doing so will make you ripe for a lawsuit unless you go through the very stringent requirements for storing cards. For instance, here's VISA's policy: www.visa.com/cisp/

Hightower 06-12-2009 08:43 AM
So how do other companies do it? I have a hosting account for example, and I know for a fact my details are stored because when I have a bill to pay the details are already there, I just have to enter the security code on the back of the card.

Runar 06-12-2009 08:48 AM
My company does the same, Hightower. They are using a secure connection when displaying my information, but I am not sure how they store my data.

wjgilmore 06-12-2009 12:57 PM
Hi,

They do it by complying with the stringent measures as determined by the FTC (in the US, anyway) and the PCI rules as defined by the credit card companies. If your only goal is to accept credit card payments, the easiest way is to keep the credit card info for only long enough to complete the payment (which should be near instantaneous when working with a payment gateway or PayPal). If the customers makes a subsequent purchase, simply require him to enter the credit card info anew. While doing so is a minor hassle, it's far less so than having to deal with a stolen credit card.

Hope this helps!
Jason


All times are GMT. The time now is 11:42 PM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0