On Tue, Jun 01, 2010 at 09:52:54AM +0200, Peter Lind wrote:
> Just wondering: seems there's a bit of a misunderstanding going on
> here. Are you talking about storing credit card information in a way
> such that customers can do online transactions without entering that
> information? Or are you talking about storing this information so your
> own company can fill in the details on a monthly basis?
> If 1) then the above points apply and you should not store the data,
> period. If 2) then I would assume the situation is somewhat different
> - though, not knowing the laws from the US I wouldn't really know.
No to #1, yes to #2.
As for #1, companies like Godaddy do store this information, so I know
it can be safely done.
But no, we do #2. If we were doing #1, I would turn this over to some
gateway and not save the info.
I'm not sure any of this has to do with laws. It has more to do with the
PSS and the rules of individual credit card companies (Visa, American
Paul M. Foster
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php