Steve <mailto:email.weblists@xxxxxxxxx> on Friday, April 21, 2006 5:58 PM said: > So everyone's aware, I have NO intention of storing credit card #'s. I > don't see why anyone needs to.. especially after reading Richard's > past posts in the archive. Perhaps if you don't use a merchant account and process all your cards in house instead?? We keep the cc numbers stored until the card has been run at which time the site attendant clicks an icon in the administration side that does two things (1) sends an email giving some shipping details to the customer, (2) changes the cc number from 4111-1111-1111-1111 to xxxx-xxxx-xxxx-1111. We don't get a lot of orders* so at worst if the db were stolen there'd be possibly 5-10 cc numbers in there. Some people (possibly Richard) would have a heart attack to hear something like that but we've decided that it's a reasonable risk. This is the implementation we decided to take with the cart I wrote myself. It's better than the old version which never removed or protected the cards in any way. (It was an out-of-the-box solution.) I would be extremely interested to learn about the flaws in our current implementation so that I can continue to improve it (short of using an online cc processor). Thanks, Chris. * But if we did get a lot of orders I would reconsider even the current implementation and decided whether or not it was suitable. In fact I'm going to be redoing the entire thing coming up soon so this is good. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
