Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    Regular Coder
    Join Date
    Aug 2002
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Storing credit card details

    Is anyone here familiar with general guidelines, or regulations in the US for a website that wants to store credit card details (i.e. in a mysql database).

    Is it just not allowed in general or does it depend entirely upon the bank that the client is with and the online payment processor used.

    Appreciate any info

  • #2
    Regular Coder
    Join Date
    Mar 2007
    Location
    UK
    Posts
    151
    Thanks
    9
    Thanked 2 Times in 2 Posts
    i looked at storing credit card details in mySQL a couple of months ago and from what i can remeber you are allow to store details but the details HAVE to be encrypted or you can get arrested / sued under the data protection act, also the connection must be secure so your address has to have https:// in.

    Storing credit card details isnt a very good idea, so it is easy for a third party company to store them e.g. Paypal.
    Last edited by tyanque; 11-29-2007 at 05:40 PM.

  • #3
    Regular Coder
    Join Date
    Aug 2002
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the info there!

    I checked the 'data protection act'
    http://en.wikipedia.org/wiki/Data_Protection_Act

    it appears to be a UK thing so it wouldn't affect the US would it?

  • #4
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,638
    Thanks
    2
    Thanked 404 Times in 396 Posts
    No matter what the law is, it's a bad idea to store credit card details on your server because they can be stolen, and you can be held liable.. You shouldn't store them, but if you do you need to make it optional, and notify the user that you're storing their details. And you need to encrypt them with a strong cipher like the previous poster suggested.

  • #5
    Regular Coder
    Join Date
    Aug 2002
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for all the advice.

    Storing credit card details isnt a very good idea, so it is easy for a third party company to store them e.g. Paypal.
    Ok, I've been reading this morning and also some gateways like authorise.net apparently offer this as well. This is probably the answer

  • #6
    Regular Coder
    Join Date
    Mar 2007
    Location
    UK
    Posts
    151
    Thanks
    9
    Thanked 2 Times in 2 Posts
    if you are going 2 store credit card details on your web site there is lots of stuff you have 2 consider:
    Quote Originally Posted by meth View Post
    1. Online Credit Merchant banking account with routing number
    2. Credit card transaction gateway account
    3. SSL Certificate/IP for your Domain.
    4. Gateway integration script

    E-Commerce is not something tack on a site with a few lines of code. Banks don't give away online credit merchant accounts; you have to be properly assessed for risk. Gateway accounts are not cheap; service providers either charge a big setup fee or get their money as a percentage of each transaction. SSL certs and dedicated IP addresses add to your hosting overhead. Integrating a transaction gateway into a checkout process isn't for a beginner.
    In my opinion it is alot easier to use paypal :P


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •