Is it a bad idea to store credit card information in database? Or what about if i encrypt the information? And I kind of heard that storing credit card info is illegal? isn't it?

__________________
Aaron, the creator of Amhulio

Yes, that's illegal. PayPal amongst others will be the answer regarding this.

__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.

Yes it is plus a very bad idea anyway. If the database were to be hacked then there would be all kinds of information for the hacker to use. If someone buys credits or subscription on my site all I get is a transaction ID from Paypal and date it was bought and all that...

Legally, you'd have to start by applying to the Data Registar for permission to do this, you'd have to tell the user that you stored this data, then you'd have to make it VERY secure, then you become a hackers' target when your site's privacy policy states you do this, then you lose customers who are worried you'll lose their data, then you go out of business...

Other than just names, address, tel nos, membership details (for a club), and a few other simple things (employee details for example, or sales details), you need to speak to the Data Registrar to store personal info. And even the above may soon require you to be registered.

So credit cards - not a good idea

__________________
www.kidneydialysis.org.uk

Ditto what the others said, doing so will make you ripe for a lawsuit unless you go through the very stringent requirements for storing cards. For instance, here's VISA's policy: www.visa.com/cisp/

__________________
==
Author, "Easy PHP Websites with the Zend Framework"
http://www.easyphpwebsites.com

So how do other companies do it? I have a hosting account for example, and I know for a fact my details are stored because when I have a bill to pay the details are already there, I just have to enter the security code on the back of the card.

__________________
Hightower's Softpolio

My company does the same, Hightower. They are using a secure connection when displaying my information, but I am not sure how they store my data.

Hi,

They do it by complying with the stringent measures as determined by the FTC (in the US, anyway) and the PCI rules as defined by the credit card companies. If your only goal is to accept credit card payments, the easiest way is to keep the credit card info for only long enough to complete the payment (which should be near instantaneous when working with a payment gateway or PayPal). If the customers makes a subsequent purchase, simply require him to enter the credit card info anew. While doing so is a minor hassle, it's far less so than having to deal with a stolen credit card.

Hope this helps!
Jason

__________________
==
Author, "Easy PHP Websites with the Zend Framework"
http://www.easyphpwebsites.com