Jump to content

Should I store CC numbers in my database?

angelcool

By angelcool
in Application Design

 Share

Recommended Posts

angelcool Member

angelcool

Posted
Posted

Hello community,

 

Should I store CC numbers on my database?

 

I am about 80% done developing a shopping cart, as  of right know I am in the process to integrate the payment gateway, but I am not sure if to store CC numbers in the database.

 

I lack experience, This is my first time integrating a payment gateway.

 

I will appreciate a piece of advise from experience people in the field.

 

Thank You

Angel Cool

 

PS: The link for my cart is as follows:

http://gift-a-cup.10-network.net/shopping_cart/index.php

 

Please note it is still under development.

corbin Regular Member

corbin

Posted
Posted

I've heard there are legal implications with storing credit card numbers, although I don't remember exactly what the laws are.  (It would vary from country to country of course.)

 

 

I think here in the US, one must store CC numbers with a certain strength of two way encryption or something.  I just remember there's some rule.

448191 Advanced Member

448191

Posted
Posted

Always. And setup external root access to your database server and post the password here as well.

 

But seriously, I would just let the client enter the number and control everytime they want to pay something (that's provided you use CC gateway and not PayPal).

 

That safeguards you from any potential session hijacking and fixation issues as well. Well not completely, but you make it a lot less interesting for I-slime to try it.

  • 1 month later...
JohnnyMedic Newbie

JohnnyMedic

Posted
Posted

As stated above that is very unsafe. If you are going to be dealing with cc's; I would simply store the last 4 digits for customer verification. Furthermore, if you feel that you must store the cc's(which is a very unsecure idea); use encryption, such as the blowfish php class or some other scheme and store that info rather than the actual card #. If you are going to do this, make sure to keep that key off of your server on non .php files, etc.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.