>>Does anyone have any suggested method of scrambling a user's credit card
>>number before I stick it in a mysql database?

With respect, if you have to ask the question, you don't have the
technical skills to do this safely. In particular, there is no way to
keep the numbers secure if you are storing them on a machine which can
be accessed directly from the internet. Both your encryption keys and
your card numbers would have to be stored on a back-end machine
protected by a sophisticated firewall.

Payment gateway providers have to meet challenging standards and
undergo rigorous audits from the banks before they are allowed to
store numbers. Much your best solution is to use one of these
providers, who will store the card numbers for you. You can then do
all the transactions you require, such as repeats, refunds etc without
ever having to store the card number. Many providers offer the options
of using forms on their servers, or using your own SSL forms and
posting them the data using the SSL. With the CURL library, writing an
interface for this is relatively trivial.

Many countries (such as the UK where we operate) have laws about the
storage of credit cards on computer networks, so what you are planning
may even be illegal!

Geoff Caplan
Advantae Ltd


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to