Its not the country rules to worry about, it is Visa and MasterCard who will come down hard on you with $$ penalties if you don't maintain cardholder security correctly. http://usa.visa.com/merchants/risk_management/cisp.html?ep=v_sym_cisp
Dan -- Dan Harrington NXGEN Payment Services 112 12th Ave. S. Nampa, ID 83651 208-498-1666 (voice) 208-498-1667 (fax) [EMAIL PROTECTED] -----Original Message----- From: Satyam [mailto:[EMAIL PROTECTED] Sent: Sunday, April 08, 2007 3:25 PM To: [EMAIL PROTECTED]; php-general@lists.php.net Subject: Re: [PHP] keeping credit card info in session Check the local legislation regarding keeping such sensitive information. Many countries do have strict requirements for handling credit card info. Your bank might help you find what the rules are. Satyam ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <php-general@lists.php.net> Sent: Sunday, April 08, 2007 8:26 PM Subject: [PHP] keeping credit card info in session > > Hi All, > > I've got quite a bit or php experience, but I've never had to deal with > credit > card info before. Now for a property rental site, I'm adding a way for > users to > be able to fill out a form which also has some credit card info in it. > > After they submit the form, there are a couple of more steps and to pass > credit > card info to the last page, I'm storing all the info in my session. Now, I > did > go and bought an SSL certificate, so the booking section of the site is on > SSL > (https). I'm just wondering if this is secure enough. as far as I know, > SSL > means connection to server is secured, so session variables should be > secured > too. no? > > Also after I get credit card info, I'm storing them in a mysql table until > an > admin would log in to the site, see new reservations, charge them manually > and > contact the customer, and then that entry will be removed from my database > for > ever. Is this ok? or is it a really bad idea? originally the plan was to > send > an email to the admin with credit card info, but then I realized that > emails > are very unsecure. so I decided to keep the info on the SSL section of the > site. > > just because I'm dealing with credit cards, I'm so afraid of doing > anything > now. Any suggestions? or perhaps any links to how to make it all more > secure? > > Thanks a lot in advance, > Siavash > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.446 / Virus Database: 269.0.0/751 - Release Date: 07/04/2007 > 22:57 > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
