everurssantosh Posted September 3, 2008 Share Posted September 3, 2008 Hi, I am working for a Hotel Management Project. This application is developed in PHP and hosted in a public server. As Is: Now, We are doing reservation for the hotels ( Our Customers ). The Guests who will book their rooms in our site have two modes of payment. 1. Reservation by Gurantee. 2. Reservation by Credit Card. For the second type of reservation ( Credit Card ), we need to take the credit card number from the guest and send it across to the customer in order to process the payment. The customer will not process the payment immediately, but they will keep the credit card number with them until the guest reach the hotel. They will also verify the identity of the Guest, by the credit card number, address and name from the bank. But if the Guest doesnt show up until the check in date and the reservation is to expire, the Customer will process the payment with the credit card as a penalty of the wrong reservation. This will be done by the customer and we dont take any responsibility for this. To Be : We need to store the credit card number in our database. Also we need to send the credit card number to the customer. These two actions are not very safe and adviced by anybody. I have consulted the hosting company where we host our server, but they are not going to take any responsibility of the credit card numbers. As the server is a shared server and many other sites are hosted in the same server, I feel there is a pontential amount of risk involved in the action. I am thinking to encrypt the credit card numbers and store them in the database. and we can provide the customer the credit card number by phone after verifing the identity. But still I feel risk. Kindly help me to find answers to my following questions. 1. Is it illegal to store the CC number in database? 2. If No, Do we need to have any permission for any organization to do so? 3. I know the simple encryption technique to use, but can anybody suggest some stong encryption technology? I use PHP and mySQL. Please help me in this regard. Any help for this problem is highly appreciated. Thank you Very Much Santosh Quote Link to comment https://forums.phpfreaks.com/topic/122523-solution-for-credit-card/ Share on other sites More sharing options...
PFMaBiSmAd Posted September 3, 2008 Share Posted September 3, 2008 Your merchant account that you use to process the credit cards will have a list of requirements that you must follow (or void you agreement with them) when storing CC numbers. These typically involve dedicated servers with restricted physical access and what type of encryption must be used. Start by checking with your merchant account provider. He may not permit you to store CC numbers at all. Quote Link to comment https://forums.phpfreaks.com/topic/122523-solution-for-credit-card/#findComment-632659 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.