View Full Version : Storing credit card details

11-29-2007, 05:19 AM
Is anyone here familiar with general guidelines, or regulations in the US for a website that wants to store credit card details (i.e. in a mysql database).

Is it just not allowed in general or does it depend entirely upon the bank that the client is with and the online payment processor used.

Appreciate any info

11-29-2007, 06:37 PM
i looked at storing credit card details in mySQL a couple of months ago and from what i can remeber you are allow to store details but the details HAVE to be encrypted or you can get arrested / sued under the data protection act, also the connection must be secure so your address has to have https:// in.

Storing credit card details isnt a very good idea, so it is easy for a third party company to store them e.g. Paypal (http://www.paypal.com).

12-03-2007, 02:22 AM
Thanks for the info there!

I checked the 'data protection act'

it appears to be a UK thing so it wouldn't affect the US would it?

12-03-2007, 02:48 AM
No matter what the law is, it's a bad idea to store credit card details on your server because they can be stolen, and you can be held liable.. You shouldn't store them, but if you do you need to make it optional, and notify the user that you're storing their details. And you need to encrypt them with a strong cipher like the previous poster suggested.

12-05-2007, 10:59 PM
Thanks for all the advice.

Storing credit card details isnt a very good idea, so it is easy for a third party company to store them e.g. Paypal.

Ok, I've been reading this morning and also some gateways like authorise.net apparently offer this as well. This is probably the answer

12-05-2007, 11:12 PM
if you are going 2 store credit card details on your web site there is lots of stuff you have 2 consider:

1. Online Credit Merchant banking account with routing number
2. Credit card transaction gateway account
3. SSL Certificate/IP for your Domain.
4. Gateway integration script

E-Commerce is not something tack on a site with a few lines of code. Banks don't give away online credit merchant accounts; you have to be properly assessed for risk. Gateway accounts are not cheap; service providers either charge a big setup fee or get their money as a percentage of each transaction. SSL certs and dedicated IP addresses add to your hosting overhead. Integrating a transaction gateway into a checkout process isn't for a beginner.

In my opinion it is alot easier to use paypal :P