<<
That's not really how it works. You can't just store customer's credit card
information (or bank account info) in a table. Look up info about Payment Card
Industry Data Security Standard.
>>
There's nothing in the standard that actually says you can't store credit card
numbers. The standard describes a minimum level of protection and does so in
very general terms ("Develop and maintain secure systems and applications",
"Protect stored cardholder data"). It doesn't even require encrypted database
storage (although it does require encrypted tranmission on public networks).
That said, like Dawn I always suggest to clients that they don't store credit
card information but rather request it with each transaction. That way you
never find yourself in the position of having to tell 5,000 customers that you
might have compromised their credit card information.
Whether you store it or request, it's fairly easy to process credit cards via
program code. I've done one implementation where the credit card process
provided a free ActiveX control and I wrote a little bit of VBA glue to process
the transaction. I suspect there are also options to perform this transaction
through HTTP requests, but I don't have any experience with those.
Bank drafts I have no experience with but banking is so automated these days I
would be surprised if you couldn't do this electronically as well.
--
Larry
