Make a datafield superdooper secure?

[wmguk]

hey,

 

I have installed an SSL certificate, and need someway to deal with credit cards, now i have some ideas, but I havent started yet, I hate the idea of my card details being emailed to the seller, and sitting in email, and then printed out and etc etc...

 

so I was thinking, set up a table, encode the details on entry, send an email saying you have an order (not sending the card details anywhere) then log in to the SSL to access a php page - decode the info and that shows the card details.

 

enter the card details in the POS terminal and then press the delete record button - poof, card details gone....

 

How would you deal with this, as an online terminal is out of the question at the moment...

what type of encryption would you use? There must be a safe way to do this?

 

Thanks for any advice

[virtual_odin]

I am wondering why you want to do this yourself rather than use paypal or one of the other payment systems.  I use paypal myself and their back-end integration is pretty straightforward once you find the bit that works for you (they have to cater for so many, that bit was something of a trial, but I made it in the end).  That way your customers have a reputable service to whom they give their details and you get payment and a confirmation but no credit card details to worry about.

[Sulman]

i can understand why you would want your own payment pages, they look more "proffesional" than paypal, google etc but why are you storing the cc details? If you are storing them so the user can then manually put the card through then the user will no doubt have a bank merchant account i order to do this. If that's the case then you chould probably think about signing up for the banks online payment tools.

[discomatt]

Doing your own payment structure is very, very risky. Make sure you know _exactly_ what you're doing before requesting someone's credit card number.