david05 Posted June 11, 2005 Share Posted June 11, 2005 Can I have some comments on storing of credit card details (or not!) on the server in a database. It would be good to get a consensus on this to see what the majority of people are doing. If you have an SSL connection then is it a good idea to capture peoples credit card details, and THEN send to the payment gateway to process. This raises the question that if you capture the cards details should you store it (i.e. this could be useful for subsequent customer orders, to pre-fill c.card form details for ultra fast checkout!). What are the consequences, and requirements for doing this. Is anyone doing this already, if so I would be interested in your comments on the above and general credit card info capturing/storing rather than just passing the user to a secure payment gateway and letting them handle the credit card capturing. Looking forward to reading your comments. Many thanks. Link to comment Share on other sites More sharing options...
Guest Posted June 11, 2005 Share Posted June 11, 2005 We have SSL on our store, the way we have it set up is that they customer fills in the info and it is sent to our payment gateway. It is not stored on our server and we have no access to the CC details (even though our payment processor admin panel). For me that provides the greatest security and is the method that I choose. This is just the way our payment processor contribution was when we set it up. I am sure that others are different and can be altered to suit your needs and the level of risk that you are willing to take with your customers information. By not storing the info and leaving that to the payment processor IMO is the best method as I am sure they know more about internet security than I will ever know. My only job is to make sure they get the customers info in a secure manner. I would not want my CC info pre filled on a site unless it was on a site from a MAJOR comapny that I was confident had the security personel on staff to handle such information. Whichever way you choose to do it just make information that you store is within your knowledge to protect. Peter Link to comment Share on other sites More sharing options...
bglkk Posted June 11, 2005 Share Posted June 11, 2005 Can I have some comments on storing of credit card details (or not!) on the server in a database. It would be good to get a consensus on this to see what the majority of people are doing. If you have an SSL connection then is it a good idea to capture peoples credit card details, and THEN send to the payment gateway to process. This raises the question that if you capture the cards details should you store it (i.e. this could be useful for subsequent customer orders, to pre-fill c.card form details for ultra fast checkout!). What are the consequences, and requirements for doing this. Is anyone doing this already, if so I would be interested in your comments on the above and general credit card info capturing/storing rather than just passing the user to a secure payment gateway and letting them handle the credit card capturing. Looking forward to reading your comments. Many thanks. <{POST_SNAPBACK}> We are uncomfortable with keeping credit card info on the server, but we do keep split numbers for reference in case of chargebacks. Our payment processor does not let us access full credit card nos. either. "Buy the ticket, take the ride..." -HST Link to comment Share on other sites More sharing options...
david05 Posted June 12, 2005 Author Share Posted June 12, 2005 I would agree, that pre-filled c.card info would not be of great interest to most customers. I think just pre-filling user info (name, address etc.) would be fine then the user can enter the c.card details again to process subsequent orders. Is anyone using WorldPay? If so have you the option of storing c.card details, and is this an easy to use gateway. It seems to be the best one to go for in UK. Any comments? Link to comment Share on other sites More sharing options...
Jumping Rabbit Posted June 12, 2005 Share Posted June 12, 2005 I would agree, that pre-filled c.card info would not be of great interest to most customers. I think just pre-filling user info (name, address etc.) would be fine then the user can enter the c.card details again to process subsequent orders. Is anyone using WorldPay? If so have you the option of storing c.card details, and is this an easy to use gateway. It seems to be the best one to go for in UK. Any comments? <{POST_SNAPBACK}> Worldpay is quite good, the standard edition do not have the option to store the cc, but if you sign up for their Futurepay service it can be done in regards to recurring billing. Faster Checkout - osCommerce Knowledge Base - Anyone meet offline?, Has anyone of you cyberkids meet offline? For newbees do atleast read this 4 points: Basic info - Search tips and help - Posting tips and help - Basics for Design Link to comment Share on other sites More sharing options...
david05 Posted June 12, 2005 Author Share Posted June 12, 2005 Worldpay is quite good, the standard edition do not have the option to store the cc, but if you sign up for their Futurepay service it can be done in regards to recurring billing. <{POST_SNAPBACK}> Ahh, I see, that's interesting. I will be using the Futurepay service as well as the standard service for accepting credit cards for online orders. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.