Jump to content

[SOLVED] Storing Credit Card Information [YES] or [NO]


ndjustin20

Recommended Posts

Hey Guys,

 

Have a question that has been plagueing me as of late.  Do I store credit card info or not?  If the answer is yes then what is the best and most secure way to store credit card information.  I have a secure server and a secure database so I was wondering what other precautions I should take specifically designed to keep people's credit card information secure.

 

Thank you for all replies and advice.

 

Justin ???

If you want to store them, then you will more than likely want to make your OWN encode/decode scripts, so if it does get hacked the hacker will need to figure out your patterns for encoding/decoding.

 

Next You will want to encode your source code that contains the information on how you encode/decode credit card info.

 

You will want to store that encoder/decoder outside of the root folder, so it is not accessible via browser.

You know that is funny  ;D   A lot of people have said that same thing....lets say I have a company that manages my server and physically views the logs keeping a tight eye on security.  Would your position still be don't do it?  I only ask as there are so many companies that do store this information and seemingly don't have problems.  I am torn between security and customer convenience.  Also, as most every single person on this site or in this forum are in some way, shape, or form an online customer.....what do you think about entering in your credit card information each purchase from a site or having the site keep the data stored for you???

Thank you "The Little Guy",

 

I have been searching with google and this site and pretty much just going through any information I come across in regard to php or mysql encryption.  Are there any functions that anyone has used in the past that have worked really well for encrypting the credit card number.

I would prefer to enter it each time.

 

And from a Company standpoint, now you also have to manage when they expire, and if you don't and try to run it, you get rejections and if I recall correctly, you still get charged a transaction fee for running it even if it is expired.

 

Are you providing reoccuring services (monthly etc) or some type of store front?

Thank you "The Little Guy",

 

I have been searching with google and this site and pretty much just going through any information I come across in regard to php or mysql encryption.  Are there any functions that anyone has used in the past that have worked really well for encrypting the credit card number.

 

Don't use PHP's built in encryption, use your own.

I am providing a storefront so that is why I was thinking inside their customer account I could store credit cards but have heard not to do this as it's a huge hassle and not worth the security risk.  I personally don't mind entering in my credit card information each time I purchase though I wasn't sure about other people so I figured I would ask.

Hey revraz,

 

Yeah I remember that happening too.  I actually shopped there that christmas and had to cancel my accounts...so yep I am well versed in that particular incident  ;D    So the best idea is to not store the information it sounds like?

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.