I made an website which i require of the user to enter their credit card details for virtual money transfer inside the website only. I only take the first two numbers of the card in order to detect the Card Type and i take last four because of the UI design.

Is there any chance i can get in trouble with this? If so, is there any recommendations to escape those?

P.S: I know is off-topic but i would be glad to find this out.

Re: Can i get in trouble for getting the first two and last four numbers? 80 80

I take it you get this information over HTTPS then never store such in the databases. If you do store it's with one way encrypted plus salt just like everyone does with name and password.

Now moving on to get in trouble, what does your lawyer say?

Re: Can i get in trouble for getting the first two and last four numbers? 80 80

Yes, you can get in trouble. There are very strict guidelines that dictate which entities are permitted to store credit cards in their database, or even under which circumstances you can collect credit card information.

A set of standards called PCI DSS (Payment Card Industry Data Security Standard) specifies who, what, where, when, and why businesses may collect and store credit card information.

You may consult an attorney (and pay for it!) if you feel like you need more help understanding. However, if you are a business that accepts credit cards, it is your responsibility to be aware and keep yourself updated of all of the PCI DSS requirements and to ensure that your business is taking the necessary steps.

In my case, my credit card merchant audits me on a regular basis to ensure I'm in compliance.

This is not something you should need to hire a business / finance attorney for. Even if you are having difficulty understanding the PCI website, there are people who work at your credit card merchant who should be able to work with you to explain the exact requirements you need to be in compliance.

You can get more information at https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security

If you have questions, I would begin by reaching out to the PCI Compliance division of your credit card merchant. (Stripe and Braintree are the two popular ones for online processing.)

Re: Can i get in trouble for getting the first two and last four numbers? 80 80

Okay! After a lot of research and talking with an lawyer, i came with a conclusion that I should not ask for the user Credit Card details.. Instead to ask for the IBAN number, to detect the Bank name of the user and country, with this even if i want to i cannot abuse that number after all, since is only to receive money. So do you have any knowledge in this field on how can i detect the bank name? Or is there any ready to use PHP function/code about this. Like i said i would like to detect the Bank Name and the Country of the user for UI experience purposes. Is that possible?

Thank you for the reply

Re: Can i get in trouble for getting the first two and last four numbers? 80 80

What about letting them input what you need to know upfront rather than trying to divine the information?

Re: Can i get in trouble for getting the first two and last four numbers? 80 80

@rproffitt I want to test my skills in UI and thats why i want to be this way :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.18 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.