
Re: Secure PHP - Credit Card processing system

Posted: Thu Mar 19, 2009 8:47 am
by kaisellgren
Wherever PHP is outputting the CC, make sure you have placed proper encryption on the transmission. That is, if you are sending an email, encrypt (PGP). If you are sending a query to the database, encrypt the database connection.

The security of storing Credit Card information is considered the single most important fact. It is a must to have a third party review your application and do several penetration tests.

Re: Secure PHP - Credit Card processing system

Posted: Fri Jun 19, 2009 10:54 am
by Eric!
Just an aside suggestion. If this is a professional business with trusted clients, why not just send them a notification of a bill that is due, when it is due, and they could just pay then with an online service like PayPal. You could even use PayPal billing if you wanted. That way you don't need to handle the card data.

https://www.paypal.com/cgi-bin/webscr?c ... &nav=2.2.1

They can even pay PayPal invoices by phone or fax, for people who are afraid to give CC data out over the internet.
https://www.paypal.com/cgi-bin/webscr?c ... &nav=2.0.5

Maybe once you can explain the choices/difficulty to the client, their requirements might change.