RE: Credit Cards - Best Practices

Mon, 08 Mar 2004 09:35:02 -0800

In general when I deal with credit cards I absolutely recommend that unless someone is on a dedicated server in an extremely secure environment (their own firewall, the whole works), they should never store credit card information, even on a temporary basis. You're opening yourself up to too much liability otherwise IMO. Even if you are in a secure environment, you still likely want to somehow obfuscate or encrypt the CC numbers in the database the second they get inserted. If someone hacks in the CC numbers shouldn't just be sitting there for the hacker to see.

In general for retail stuff I do the CC processing right when the buyer hits the "buy" button, just because then they get immediate feedback if their CC gets declined or if there's some other problem with the order. I can definitely see how if you were doing high-volume stuff the batch processing might be the way to go though. Just depends on the situation. I typically use Verisign Payflow Pro and haven't ever run into any issues with doing one-off transactions, but I haven't done any huge volume e-commerce sites either.

HTH,
Matt

-------------------------
Matthew P. Woodward
[EMAIL PROTECTED]



----Original Message Follows----
From: "Bailey, Neal" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Credit Cards - Best Practices
Date: Mon, 8 Mar 2004 11:11:47 -0600

Hello CFers...

I was wondering what are the best practices for credit card processing over
the web. Should you pre-authorize a customer's card during check out and
then run a batch transaction at the end of the day? Or should you run the
card as a final sale and gather the funds immediately.  Just as I have heard
people doing it both ways and I am in the process of converting my cart over
to an automatic Card processor API.

What are the pros and cons of both...

Also I have noticed that many shopping carts store their Credit card info in
the database. I have a little utility (MS Access) that transfers the
customer's info to my system at home and then deletes all credit card info.
This usually runs twice a day. Is there a better way to keep the card info
secure?

Thanks
Neal Bailey
Internet Marketing Manager
E-mail:  <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]

_________________________________________________________________
Create a Job Alert on MSN Careers and enter for a chance to win $1000! http://msn.careerbuilder.com/promo/kaday.htm?siteid=CBMSN_1K&sc_extcmp=JS_JASweep_MSNHotm2

-----------------------------------------------
To post, send email to [EMAIL PROTECTED]
To unsubscribe: Send UNSUBSCRIBE to [EMAIL PROTECTED]
To subscribe / unsubscribe: http://www.dfwcfug.org

Reply via email to