 |  |  |  |  |  |  |  |
Where should I save credit card data?
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
Thread Solved |
Hello,
Is it okay to save credit card data in the database. I know it will be password protected but still, it will be a disaster if someone ever hacks in. How do real world companies(mine is school project) save their customer's credit card information? Thank you in advance.
Is it okay to save credit card data in the database. I know it will be password protected but still, it will be a disaster if someone ever hacks in. How do real world companies(mine is school project) save their customer's credit card information? Thank you in advance.
•
•
Join Date: Dec 2007
Posts: 252
Reputation: 
Solved Threads: 27
Posting Whiz in Training
you can store the data in the db but you definatly need to encrypt. i would suggest not even storing it personally. But that is just me.
defenetly you have to secure the data while you accessing the database through queries
better you make ssl on while you accessing the database, and also just use a random textfield as a hidden value in the post and you check it for authorization whether it is coming from fine navigation or not
better you make ssl on while you accessing the database, and also just use a random textfield as a hidden value in the post and you check it for authorization whether it is coming from fine navigation or not
•
•
Join Date: Dec 2007
Posts: 252
Reputation:
Solved Threads: 27
Posting Whiz in Training
i will agree with that. more secure the better if its being stored. didnt really think having a SSL setup was needed since it is a class project but if its live it is a must have.
Well as a majority companies dont store creditcard information with them as it is a big security risk and isnt safe. For example many companies use a merchant account from providers like Paypal, therefore Paypal takes care of the payment and the company need not store any details of the customer's credit card
•
•
Join Date: Jun 2007
Posts: 1,227
Reputation:
Solved Threads: 167
from what I have been told, storing credit card numbers without encryption is illegal. I would recommend not storing them at all. ever.
Last edited by kkeith29; May 29th, 2008 at 2:46 pm.
Thanks for all your replies. hivenk: Please elaborate. Do want me to create a hidden in the user form and fill it with random data? And check it when the form is submitted?
What do I have to do as a php programmer to ensure that the data is being transmitted over ssl?
I don't have to collect credit card data if the customer is paying with paypal. But I have to collect it (requirement) when the customer is paying with a credit card. How do I ensure that data is being sent over ssl when I send the data to the bank or whomever.
What kind of encryption are we talking about?
Thanks again.
What do I have to do as a php programmer to ensure that the data is being transmitted over ssl?
I don't have to collect credit card data if the customer is paying with paypal. But I have to collect it (requirement) when the customer is paying with a credit card. How do I ensure that data is being sent over ssl when I send the data to the bank or whomever.
What kind of encryption are we talking about?
Thanks again.
Last edited by ryy705; May 29th, 2008 at 2:34 pm.
Well, in order to ensure data is being sent over a secure environment, you will have to purchase a SSL Certificate and then lets say the billing system (where you take information and all of the customer) is under a sub-domain say for example billing.domain.com
I would suggest you purchase a SSL Certificate for that subdomain and using the .htaccess file force all connections via that subdomain to use the https prefix... so, no matter what, all links, forms, etc... under that subdomain will be forced to use SSL Connection (HTTPS) therefore securing and encrypting your data.
Normally a SSL Certificate uses strong 128/256 bit encryption.
Hope this helps you.
I would suggest you purchase a SSL Certificate for that subdomain and using the .htaccess file force all connections via that subdomain to use the https prefix... so, no matter what, all links, forms, etc... under that subdomain will be forced to use SSL Connection (HTTPS) therefore securing and encrypting your data.
Normally a SSL Certificate uses strong 128/256 bit encryption.
Hope this helps you.
Last edited by djnzak; May 29th, 2008 at 3:10 pm.
 |
Similar Threads
- [For Hire] Freelance phpBB Installation Services (Post your Resume)
- memory management in wndows 2000 (Windows NT / 2000 / XP)
- Random Web Site Redirects (Viruses, Spyware and other Nasties)
- [For Hire] Freelance phpBB Installations - Low Prices (Post your Resume)
- Timming Role in Exchanging Tranditional Commerce to E-commerce (eCommerce)
- w32\alemod.e.dll removal - help! (Viruses, Spyware and other Nasties)
- iSearch Spyware (Viruses, Spyware and other Nasties)
Other Threads in the PHP Forum
- Previous Thread: inserting row data from one table into a new table
- Next Thread: i need help please
| Thread Tools | Search this Thread |
Latest PHP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for PHP
.htaccess access ajax apache api array beginner binary body broken cakephp checkbox class cms code cron curl database date date/time directory display download dynamic echo email error file files folder form forms function functions google href htaccess html image include insert integration ip java javascript joomla limit link list login loop mail menu mlm mod_rewrite msqli_multi_query multiple mycodeisbad mysql oop parse paypal pdf php problem query radio random recourse recursion regex remote script search seo server sessions sms soap source space sql static structure syntax system table tutorial update upload url validation validator variable video web webdesign wordpress xml youtube
