On Tue, Jun 01, 2010 at 09:52:54AM +0200, Peter Lind wrote: > Just wondering: seems there's a bit of a misunderstanding going on > here. Are you talking about storing credit card information in a way > such that customers can do online transactions without entering that > information? Or are you talking about storing this information so your > own company can fill in the details on a monthly basis? > If 1) then the above points apply and you should not store the data, > period. If 2) then I would assume the situation is somewhat different > - though, not knowing the laws from the US I wouldn't really know. No to #1, yes to #2. As for #1, companies like Godaddy do store this information, so I know it can be safely done. But no, we do #2. If we were doing #1, I would turn this over to some gateway and not save the info. I'm not sure any of this has to do with laws. It has more to do with the PSS and the rules of individual credit card companies (Visa, American Express, etc.). Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
