securely store credit card and other sensitive data

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria

securely store credit card and other sensitive data

Post by jmut »

Think this belongs here as it is security related more or less.
I am about to integrate PayPal payments in a commercial website... Now I guess I will need to store credit card and possibly other sensitive data.
So my question is what is my best bet on security there. Probably nice to know that this is a shared hosting environment.
Thank you.
j4IzbInao
Forum Newbie
Posts: 9
Joined: Tue Oct 14, 2008 6:07 am

Re: securely store credit card and other sensitive data

Post by j4IzbInao »

No, you do not need to store credit card information, that's the idea of using a payment-service-provider such as PayPal. They do the "nasty sensitive stuff" while you store only the not so sensitive data such as the customer information & what they've ordered.

Your best bet, try to read the documentation that PayPal has on their site, although last time I worked on a PayPal project it was pure agony trying to find good documentation as the site is, well, a bit messy.
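An added example, not part of any post in this thread: one way to enforce "store only the order and customer data" in PHP is an allow-list of fields plus a Luhn-based check that refuses any value that looks like a card number. The field names, including `provider_txn_id` for whatever reference the payment provider returns, are hypothetical.

```php
<?php
declare(strict_types=1);

// Luhn checksum: true when the digit string is a plausible card number.
function luhn_valid(string $digits): bool
{
    $sum = 0;
    for ($i = strlen($digits) - 1, $double = false; $i >= 0; $i--, $double = !$double) {
        $d = (int) $digits[$i] * ($double ? 2 : 1);
        $sum += $d > 9 ? $d - 9 : $d;
    }
    return $sum % 10 === 0;
}

// True when $value holds a 13-19 digit run (single spaces/dashes allowed) passing Luhn.
function looks_like_card_number(string $value): bool
{
    preg_match_all('/\d(?:[ -]?\d){12,18}/', $value, $matches);
    foreach ($matches[0] as $candidate) {
        if (luhn_valid((string) preg_replace('/\D/', '', $candidate))) {
            return true;
        }
    }
    return false;
}

// Build the row to persist: allow-listed fields only (hypothetical names),
// and refuse any remaining value that looks like a card number.
function build_order_record(array $input): array
{
    $allowed = ['customer_name', 'customer_email', 'items', 'amount', 'provider_txn_id'];
    $record = array_intersect_key($input, array_flip($allowed));
    foreach ($record as $field => $value) {
        if (is_scalar($value) && looks_like_card_number((string) $value)) {
            throw new InvalidArgumentException("Refusing to store '$field': looks like a card number");
        }
    }
    return $record;
}

// Constructed sample input; 4111 1111 1111 1111 is a widely used test number.
$posted = ['customer_email' => 'customer@example.com', 'items' => 'SKU-1001 x2',
    'amount' => '49.90', 'provider_txn_id' => 'TXN-PLACEHOLDER-0001',
    'card_number' => '4111 1111 1111 1111']; // card_number is dropped by the allow-list
print_r(build_order_record($posted));
try {
    build_order_record(['items' => 'pay with 4111-1111-1111-1111 please']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL; // card number pasted into a free-text field
}
```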
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria

Re: securely store credit card and other sensitive data

Post by jmut »

Well sure I don't need cc with paypal......stupido me. Thanks
Well I am thinking of writing them soon with exactly what option I am after and pray for someone to answer in a week :)
If no one does..I start working on it anyhow.
ioan1k
Forum Newbie
Posts: 8
Joined: Thu Nov 06, 2008 12:48 pm

Re: securely store credit card and other sensitive data

Post by ioan1k »

To store credit card information you first need to start out with SSL,
then all information sent must be encrypted... and then stored on an encrypted server.

Storing any kind of personal information also brings about a lot of legal issues that you need to be well aware of, because of issues such as identity theft, because there is the risk of this being done from information you stored which could lead to lawsuits.

If this is your first time storing information such as this (if you do take that route), do a lot of research and get in touch with some lawyers and get the laws on this (if you work for a company they should work this out).