Notice the URL starts with 'usa'. In other countries you do have to go by
the local laws.
----- Original Message -----
From: "Dan Harrington" <dan@xxxxxxx>
To: "'Satyam'" <Satyam@xxxxxxxxxxxxx>; <siavash1979@xxxxxxxxx>;
<php-general@xxxxxxxxxxxxx>
Sent: Sunday, April 08, 2007 11:32 PM
Subject: RE: keeping credit card info in session
Its not the country rules to worry about, it is Visa and MasterCard who
will
come down hard on you with $$ penalties if you don't maintain cardholder
security correctly.
http://usa.visa.com/merchants/risk_management/cisp.html?ep=v_sym_cisp
Dan
--
Dan Harrington
NXGEN Payment Services
112 12th Ave. S.
Nampa, ID 83651
208-498-1666 (voice)
208-498-1667 (fax)
dharrington@xxxxxxxxxx
-----Original Message-----
From: Satyam [mailto:Satyam@xxxxxxxxxxxxx]
Sent: Sunday, April 08, 2007 3:25 PM
To: siavash1979@xxxxxxxxx; php-general@xxxxxxxxxxxxx
Subject: Re: keeping credit card info in session
Check the local legislation regarding keeping such sensitive information.
Many countries do have strict requirements for handling credit card info.
Your bank might help you find what the rules are.
Satyam
----- Original Message -----
From: <siavash1979@xxxxxxxxx>
To: <php-general@xxxxxxxxxxxxx>
Sent: Sunday, April 08, 2007 8:26 PM
Subject: keeping credit card info in session
Hi All,
I've got quite a bit or php experience, but I've never had to deal with
credit
card info before. Now for a property rental site, I'm adding a way for
users to
be able to fill out a form which also has some credit card info in it.
After they submit the form, there are a couple of more steps and to pass
credit
card info to the last page, I'm storing all the info in my session. Now,
I
did
go and bought an SSL certificate, so the booking section of the site is
on
SSL
(https). I'm just wondering if this is secure enough. as far as I know,
SSL
means connection to server is secured, so session variables should be
secured
too. no?
Also after I get credit card info, I'm storing them in a mysql table
until
an
admin would log in to the site, see new reservations, charge them
manually
and
contact the customer, and then that entry will be removed from my
database
for
ever. Is this ok? or is it a really bad idea? originally the plan was to
send
an email to the admin with credit card info, but then I realized that
emails
are very unsecure. so I decided to keep the info on the SSL section of
the
site.
just because I'm dealing with credit cards, I'm so afraid of doing
anything
now. Any suggestions? or perhaps any links to how to make it all more
secure?
Thanks a lot in advance,
Siavash
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/751 - Release Date: 07/04/2007
22:57
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.0.0/751 - Release Date: 07/04/2007
22:57
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
