Re: keeping credit card info in session

unless you are a payment gateway or a bank, don't touch credit card numbers.
there are plenty of threads in the archive of this list that give good reasons
not to, e.g. being sued out of existence.

get a payment provider and let them handle the transaction automatically,
the site admin could be given a system whereby he/she can fire off email to
customers that give them a url to (and instruct them to) complete a
payment at your chosen payment provider if a manual check needs to occur
before a payment is initiated.

storing CC numbers on your machine is rather like walking around carrying
hot coals ... sooner or later you will be burned.

siavash1979@xxxxxxxxx wrote:
> Hi All,
>  
> I've got quite a bit of PHP experience, but I've never had to deal with credit
> card info before. Now for a property rental site, I'm adding a way for users to 
> be able to fill out a form which also has some credit card info in it.
>  
> After they submit the form, there are a couple of more steps and to pass credit 
> card info to the last page, I'm storing all the info in my session. Now, I did 
> go and buy an SSL certificate, so the booking section of the site is on SSL
> (https). I'm just wondering if this is secure enough. as far as I know, SSL 
> means connection to server is secured, so session variables should be secured 
> too. no?
>  
> Also after I get credit card info, I'm storing them in a mysql table until an 
> admin would log in to the site, see new reservations, charge them manually and 
> contact the customer, and then that entry will be removed from my database for 
> ever. Is this ok? or is it a really bad idea? originally the plan was to send 
> an email to the admin with credit card info, but then I realized that emails 
> are very insecure. so I decided to keep the info on the SSL section of the site.
>  
> just because I'm dealing with credit cards, I'm so afraid of doing anything 
> now. Any suggestions? or perhaps any links to how to make it all more secure?
>  
> Thanks a lot in advance,
> Siavash
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
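
An added example, not part of the original message or of any project's code: one way to build the emailed payment URL the reply describes, as an HMAC-signed, expiring token that identifies only the reservation and amount. The host `rentals.example.test`, the `pay.php` endpoint, the function names and the sample values are all assumptions made for illustration.

```php
<?php
// Added example. All names, hosts and values here are hypothetical/constructed.
// The token identifies a reservation and amount; it never carries card data.
const LINK_TTL = 172800; // link lifetime in seconds (48 h, constructed value)

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Called when the admin approves a reservation; the result goes into the email.
function make_payment_link(string $key, int $reservationId, int $amountCents, int $now): string
{
    $payload = $reservationId . '.' . $amountCents . '.' . ($now + LINK_TTL);
    $mac = b64url(hash_hmac('sha256', $payload, $key, true));
    return 'https://rentals.example.test/pay.php?t=' . $payload . '.' . $mac;
}

// Called by pay.php. Returns the reservation data, or null if the token is
// malformed, forged, altered or expired.
function verify_payment_link(string $key, string $token, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 4) {
        return null;
    }
    [$rid, $amount, $exp, $mac] = $parts;
    if (!ctype_digit($rid) || !ctype_digit($amount) || !ctype_digit($exp)) {
        return null;
    }
    $expected = b64url(hash_hmac('sha256', "$rid.$amount.$exp", $key, true));
    if (!hash_equals($expected, $mac) || (int) $exp < $now) {
        return null; // hash_equals() compares in constant time
    }
    // On success pay.php hands $amount to the payment provider's hosted
    // checkout and redirects there; card fields exist only on their page.
    return ['reservation_id' => (int) $rid, 'amount_cents' => (int) $amount];
}

// Constructed demo: a valid link, the same link after expiry, an edited amount.
$key = random_bytes(32); // in a real deployment: a fixed secret kept outside the web root
$now = time();
parse_str(parse_url(make_payment_link($key, 1042, 125000, $now), PHP_URL_QUERY), $q);
var_dump(verify_payment_link($key, $q['t'], $now));
var_dump(verify_payment_link($key, $q['t'], $now + LINK_TTL + 1));
var_dump(verify_payment_link($key, str_replace('.125000.', '.100.', $q['t']), $now));
```

With this layout the session and the MySQL reservation row hold only the reservation id, amount and payment status, so neither ever contains a card number.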

