gotts Posted September 14, 2008 Share Posted September 14, 2008 Hi, I need some serious advice. A client wants me to create a page for him where users can enter credit card details in order to pay for a specific service. The problem is that the client doenst want it paid and processed immediately and therfore things like paypal are not an option. I know there are many major concerns in storing CC information but I thought of a possible solution and I wanted some feedback: Ofcourse using a SSL connection a page will accepts all user details including Credit Card details. PHP wil lthen split the CC number into two parts - The First 12 digits (Part 1) and the last 4 digits (Part 2) A randomly password will then be generated and used to encrypt Part 1 and then Part 1 and all other user details will be stored in mysql database. Another random password will be generated to encrypt Part 2 of CC - the PASSWORD will be stored in the database and Part 2 together with the Expiry date of CC and a userid (generated after inserting above record into DB ) will be EMAILED to the site adminstrator. Also the password from Part 1 will be included in the email. The adminstrator on receiving the email will login to the page and provide to a ssl webpage form the designated USERID, Password for Part 1,Expiry date of Credit Card and the encrypted Part 2. Php will then do the rest - find the record in DB and decrypt both part 1 and part 2 and display all information to user. User will then do a manual credit card process and then all data is deleted from database. I know this is clumsy but my client doesnt mind and it seems like the safest option to me. No full CC number stored on any database. No generally stored password which could be compromised etc. Please give me feedback. Thanks so much. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.