hi all,
i have a credit-card transaction web-page, now i need to create a database to record customers' info.
could you give me suggestions about what tables and fields shoulb be in the db? goods to sell are just a few of software.
any examples?
thx
suggestions needed for database of credit-card
Moderator: General Moderators
-
php12342005
- Forum Commoner
- Posts: 79
- Joined: Mon Mar 21, 2005 3:35 am
unless you've got a REALLY secure environment, it's not good practice to store credit card info. You could always save customer info (name, address, company address, phone number, even billing address), but I'd avoid keeping the credit card info at all costs...leave that up to your authenticaton system.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Agreed 100%.Burrito wrote:unless you've got a REALLY secure environment, it's not good practice to store credit card info. You could always save customer info (name, address, company address, phone number, even billing address), but I'd avoid keeping the credit card info at all costs...leave that up to your authenticaton system.
I'm sure it would be worth it to have the users input their credit card details every time they make a purchase, just to be safe. I would also seriously consider you do not attempt to create a secure environment, especially when dealing with real money, considering how easy it would be for an experience hacker to exploit your site and eventually gain access to the users credit information and such...
-
php12342005
- Forum Commoner
- Posts: 79
- Joined: Mon Mar 21, 2005 3:35 am
I would agree with Burrito and phenom as storing cc data is dangerous unless you are 100% sure you know how to secure an enviroment. I have been programming php for 5 years and I don't feel comfortable doing it. If you have your authentication system deal with it then you won't be liable if the cc data gets hacked, not your site. You still of course have to be safe with the info you do use but leave the cc data to people who's sole purpose is web security.
If your customers are going to be make regular purchases, you could alway create an invoicing system that sends out emails with the current account details on it along with the total they owe and have link that will take them to a spot in your site that can then lead them through the payment proccess.
This way they may only have to enter their cc details once a month or whatever time frame you want to set up. Of course this would only be for good, regular cutomers.
phpScott
If your customers are going to be make regular purchases, you could alway create an invoicing system that sends out emails with the current account details on it along with the total they owe and have link that will take them to a spot in your site that can then lead them through the payment proccess.
This way they may only have to enter their cc details once a month or whatever time frame you want to set up. Of course this would only be for good, regular cutomers.
phpScott
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Last I checked, keeping the credit-card data for any period of time requires that you pass the security audits of the credit card companies. This is pretty difficult and expensive. It's far easier to get yourself a merchant account with them and hook up with a third-party clearing house and processor. We've listed several of these companies recently in a thread.