Mike, I agree with the things that Geoff is telling you. What I have seen in the past, and even in some free PHP programs that I downloaded for learning purposes, is the CC number stored in your database, but not entirely. I mean like 1234........789, so the customer can verify that the transaction will be made using the right CC and not an old one or even someone else's CC.

HTH,
C.

> -----Original Message-----
> From: Geoff Caplan [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 13, 2002 5:20 AM
> To: Mike Mannakee; [EMAIL PROTECTED]
> Subject: Re[2]: [PHP] Credit Card suggestions
>
> Mike,
>
> >>Does anyone have any suggested method of scrambling a user's credit card
> >>number before I stick it in a mysql database?
>
> With respect, if you have to ask the question, you don't have the
> technical skills to do this safely. In particular, there is no way to
> keep the numbers secure if you are storing them on a machine which can
> be accessed directly from the internet. Both your encryption keys and
> your card numbers would have to be stored on a back-end machine
> protected by a sophisticated firewall.
>
> Payment gateway providers have to meet challenging standards and
> undergo rigorous audits from the banks before they are allowed to
> store numbers. Much your best solution is to use one of these
> providers, who will store the card numbers for you. You can then do
> all the transactions you require, such as repeats, refunds etc without
> ever having to store the card number. Many providers offer the options
> of using forms on their servers, or using your own SSL forms and
> posting them the data using the SSL. With the CURL library, writing an
> interface for this is relatively trivial.
>
> Many countries (such as the UK where we operate) have laws about the
> storage of credit cards on computer networks, so what you are planning
> may even be illegal!
>
> --
> Geoff Caplan
> Advantae Ltd
>
> mailto:[EMAIL PROTECTED]
> http://www.advantae.com
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
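
The truncated storage described in the reply above (first four and last three digits kept, the rest replaced by dots), as an added example that is not part of the original thread. The function names are hypothetical and the sample number is a constructed test value, not a real card; the full number is validated in memory and only the masked form is returned for storage.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** Luhn checksum: rejects mistyped numbers before anything is stored. */
function luhn_valid(string $digits): bool
{
    $sum = 0;
    $double = false;
    // Walk right to left, doubling every second digit.
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

/**
 * Return the only form of the card number that should reach the database:
 * first 4 and last 3 digits, with everything in between replaced by dots.
 */
function mask_card_number(string $input): string
{
    // Accept the spaces and dashes customers type, then require 13-19 digits.
    $digits = preg_replace('/[\s-]+/', '', $input);
    if (!preg_match('/^\d{13,19}$/', $digits) || !luhn_valid($digits)) {
        throw new InvalidArgumentException('Not a valid card number');
    }
    $hidden = strlen($digits) - 7;
    return substr($digits, 0, 4) . str_repeat('.', $hidden) . substr($digits, -3);
}

// Constructed sample input: a widely used test number, not a real card.
$masked = mask_card_number('4111 1111 1111 1111');
echo $masked, "\n";
```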