suggestions needed for database of credit-card

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
php12342005
Forum Commoner
Posts: 79
Joined: Mon Mar 21, 2005 3:35 am

suggestions needed for database of credit-card

Post by php12342005 »

hi all,
i have a credit-card transaction web-page, now i need to create a database to record customers' info.

could you give me suggestions about what tables and fields shoulb be in the db? goods to sell are just a few of software.

any examples?

thx
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

unless you've got a REALLY secure environment, it's not good practice to store credit card info. You could always save customer info (name, address, company address, phone number, even billing address), but I'd avoid keeping the credit card info at all costs...leave that up to your authenticaton system.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Burrito wrote:unless you've got a REALLY secure environment, it's not good practice to store credit card info. You could always save customer info (name, address, company address, phone number, even billing address), but I'd avoid keeping the credit card info at all costs...leave that up to your authenticaton system.
Agreed 100%.

I'm sure it would be worth it to have the users input their credit card details every time they make a purchase, just to be safe. I would also seriously consider you do not attempt to create a secure environment, especially when dealing with real money, considering how easy it would be for an experience hacker to exploit your site and eventually gain access to the users credit information and such...
php12342005
Forum Commoner
Posts: 79
Joined: Mon Mar 21, 2005 3:35 am

Post by php12342005 »

if i keep customers' card number there only for a few of days then delete them (after i record the info to a "safe" place), do you think it is OK?
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

I would agree with Burrito and phenom as storing cc data is dangerous unless you are 100% sure you know how to secure an enviroment. I have been programming php for 5 years and I don't feel comfortable doing it. If you have your authentication system deal with it then you won't be liable if the cc data gets hacked, not your site. You still of course have to be safe with the info you do use but leave the cc data to people who's sole purpose is web security.

If your customers are going to be make regular purchases, you could alway create an invoicing system that sends out emails with the current account details on it along with the total they owe and have link that will take them to a spot in your site that can then lead them through the payment proccess.
This way they may only have to enter their cc details once a month or whatever time frame you want to set up. Of course this would only be for good, regular cutomers.

phpScott
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

Post by Joe »

php12342005 wrote:if i keep customers' card number there only for a few of days then delete them (after i record the info to a "safe" place), do you think it is OK?
No. That's just putting your poor customers at risk. I say use a payment processor or perhaps even cheque/postal orders?.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Last I checked, keeping the credit-card data for any period of time requires that you pass the security audits of the credit card companies. This is pretty difficult and expensive. It's far easier to get yourself a merchant account with them and hook up with a third-party clearing house and processor. We've listed several of these companies recently in a thread.
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

feyd wrote:It's far easier to get yourself a merchant account with them and hook up with a third-party clearing house and processor. We've listed several of these companies recently in a thread.
You could store transaction id's and auth numbers. Let the third party company worry abou the CC nums.
Post Reply