ndjustin20 Posted April 30, 2008 Share Posted April 30, 2008 Hey Guys, Have a question that has been plagueing me as of late. Do I store credit card info or not? If the answer is yes then what is the best and most secure way to store credit card information. I have a secure server and a secure database so I was wondering what other precautions I should take specifically designed to keep people's credit card information secure. Thank you for all replies and advice. Justin ??? Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/ Share on other sites More sharing options...
revraz Posted April 30, 2008 Share Posted April 30, 2008 I would say a big NO unless you want to face a serious lawsuit if your DB ever gets hacked. Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530360 Share on other sites More sharing options...
The Little Guy Posted April 30, 2008 Share Posted April 30, 2008 If you want to store them, then you will more than likely want to make your OWN encode/decode scripts, so if it does get hacked the hacker will need to figure out your patterns for encoding/decoding. Next You will want to encode your source code that contains the information on how you encode/decode credit card info. You will want to store that encoder/decoder outside of the root folder, so it is not accessible via browser. Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530366 Share on other sites More sharing options...
ndjustin20 Posted April 30, 2008 Author Share Posted April 30, 2008 You know that is funny A lot of people have said that same thing....lets say I have a company that manages my server and physically views the logs keeping a tight eye on security. Would your position still be don't do it? I only ask as there are so many companies that do store this information and seemingly don't have problems. I am torn between security and customer convenience. Also, as most every single person on this site or in this forum are in some way, shape, or form an online customer.....what do you think about entering in your credit card information each purchase from a site or having the site keep the data stored for you??? Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530371 Share on other sites More sharing options...
ndjustin20 Posted April 30, 2008 Author Share Posted April 30, 2008 Thank you "The Little Guy", I have been searching with google and this site and pretty much just going through any information I come across in regard to php or mysql encryption. Are there any functions that anyone has used in the past that have worked really well for encrypting the credit card number. Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530375 Share on other sites More sharing options...
The Little Guy Posted April 30, 2008 Share Posted April 30, 2008 I think those sites store your credit card info in a cookie, that way it is on your computer. But I am not sure. Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530377 Share on other sites More sharing options...
revraz Posted April 30, 2008 Share Posted April 30, 2008 I would prefer to enter it each time. And from a Company standpoint, now you also have to manage when they expire, and if you don't and try to run it, you get rejections and if I recall correctly, you still get charged a transaction fee for running it even if it is expired. Are you providing reoccuring services (monthly etc) or some type of store front? Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530378 Share on other sites More sharing options...
The Little Guy Posted April 30, 2008 Share Posted April 30, 2008 Thank you "The Little Guy", I have been searching with google and this site and pretty much just going through any information I come across in regard to php or mysql encryption. Are there any functions that anyone has used in the past that have worked really well for encrypting the credit card number. Don't use PHP's built in encryption, use your own. Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530379 Share on other sites More sharing options...
revraz Posted April 30, 2008 Share Posted April 30, 2008 Hope you won't have to face something like this http://www.bestsecuritytips.com/news+article.storyid+146.htm Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530381 Share on other sites More sharing options...
ndjustin20 Posted April 30, 2008 Author Share Posted April 30, 2008 I am providing a storefront so that is why I was thinking inside their customer account I could store credit cards but have heard not to do this as it's a huge hassle and not worth the security risk. I personally don't mind entering in my credit card information each time I purchase though I wasn't sure about other people so I figured I would ask. Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530384 Share on other sites More sharing options...
ndjustin20 Posted April 30, 2008 Author Share Posted April 30, 2008 Hey revraz, Yeah I remember that happening too. I actually shopped there that christmas and had to cancel my accounts...so yep I am well versed in that particular incident So the best idea is to not store the information it sounds like? Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530387 Share on other sites More sharing options...
The Little Guy Posted April 30, 2008 Share Posted April 30, 2008 yeah, not the best idea, have some other company do that, then you aren't responsible. Link to comment https://forums.phpfreaks.com/topic/103569-solved-storing-credit-card-information-yes-or-no/#findComment-530390 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.