
suggestions needed for database of credit-card

Posted: Thu Mar 24, 2005 11:13 pm
by php12342005
hi all,
i have a credit-card transaction web-page, now i need to create a database to record customers' info.

could you give me suggestions about what tables and fields should be in the db? goods to sell are just a few pieces of software.

any examples?

thx

Posted: Thu Mar 24, 2005 11:22 pm
by Burrito
unless you've got a REALLY secure environment, it's not good practice to store credit card info. You could always save customer info (name, address, company address, phone number, even billing address), but I'd avoid keeping the credit card info at all costs...leave that up to your authentication system.

Posted: Thu Mar 24, 2005 11:30 pm
by John Cartwright
Burrito wrote:unless you've got a REALLY secure environment, it's not good practice to store credit card info. You could always save customer info (name, address, company address, phone number, even billing address), but I'd avoid keeping the credit card info at all costs...leave that up to your authentication system.
Agreed 100%.

I'm sure it would be worth it to have the users input their credit card details every time they make a purchase, just to be safe. I would also seriously consider you do not attempt to create a secure environment, especially when dealing with real money, considering how easy it would be for an experienced hacker to exploit your site and eventually gain access to the users' credit information and such...

Posted: Fri Mar 25, 2005 3:11 am
by php12342005
if i keep customers' card number there only for a few days then delete them (after i record the info to a "safe" place), do you think it is OK?

Posted: Fri Mar 25, 2005 4:15 am
by phpScott
I would agree with Burrito and phenom as storing cc data is dangerous unless you are 100% sure you know how to secure an environment. I have been programming php for 5 years and I don't feel comfortable doing it. If you have your authentication system deal with it then you won't be liable if the cc data gets hacked, not your site. You still of course have to be safe with the info you do use but leave the cc data to people whose sole purpose is web security.

If your customers are going to make regular purchases, you could always create an invoicing system that sends out emails with the current account details on it along with the total they owe and have a link that will take them to a spot in your site that can then lead them through the payment process.
This way they may only have to enter their cc details once a month or whatever time frame you want to set up. Of course this would only be for good, regular customers.

phpScott

Posted: Fri Mar 25, 2005 7:43 am
by Joe
php12342005 wrote:if i keep customers' card number there only for a few days then delete them (after i record the info to a "safe" place), do you think it is OK?
No. That's just putting your poor customers at risk. I say use a payment processor or perhaps even cheque/postal orders?

Posted: Fri Mar 25, 2005 8:05 am
by feyd
Last I checked, keeping the credit-card data for any period of time requires that you pass the security audits of the credit card companies. This is pretty difficult and expensive. It's far easier to get yourself a merchant account with them and hook up with a third-party clearing house and processor. We've listed several of these companies recently in a thread.

Posted: Fri Mar 25, 2005 8:31 am
by neophyte
feyd wrote:It's far easier to get yourself a merchant account with them and hook up with a third-party clearing house and processor. We've listed several of these companies recently in a thread.
You could store transaction id's and auth numbers. Let the third party company worry about the CC nums.
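
The replies above amount to a schema: keep customer contact details, keep the processor's transaction id and auth number, and keep no card data at all. The sketch below is an added example, not code from any poster in this thread. Every table, column and function name is an assumption, SQLite stands in for whatever database the site uses, and the Luhn-based guard is an extra safeguard the thread does not mention.

```python
import re
import sqlite3

# Hypothetical schema: every table and column name here is an assumption.
SCHEMA = """
CREATE TABLE customers (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    email TEXT NOT NULL,
    phone TEXT,
    billing_address TEXT
);
CREATE TABLE orders (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id),
    product TEXT NOT NULL,
    amount_cents INTEGER NOT NULL,
    processor_txn_id TEXT NOT NULL UNIQUE,  -- reference returned by the processor
    auth_code TEXT NOT NULL,                -- authorization number from the processor
    created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
);                                          -- no card number, expiry or CVV column
"""

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def looks_like_card_number(value):
    """True if value holds a 13-19 digit run (spaces/dashes allowed) that passes Luhn."""
    for match in re.finditer(r"(?:\d[ -]?){13,19}", str(value)):
        digits = [int(c) for c in match.group() if c.isdigit()]
        total = 0
        for i, d in enumerate(reversed(digits)):
            if i % 2 == 1:                  # double every second digit from the right
                d = d * 2 - 9 if d > 4 else d * 2
            total += d
        if total % 10 == 0:
            return True
    return False

def record_order(conn, customer_id, product, amount_cents, txn_id, auth_code):
    """Store the processor's references only; refuse anything resembling a card number."""
    for field in (product, txn_id, auth_code):
        if looks_like_card_number(field):
            raise ValueError("card-number-like value rejected; keep only processor references")
    cur = conn.execute(
        "INSERT INTO orders (customer_id, product, amount_cents, processor_txn_id, auth_code)"
        " VALUES (?, ?, ?, ?, ?)",
        (customer_id, product, amount_cents, txn_id, auth_code))
    conn.commit()
    return cur.lastrowid
```

A purely numeric processor reference of 13 to 19 digits can pass the Luhn check by chance, so the guard fits alphanumeric references like the constructed ones used here.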