Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Store credit card details on server?


david05

Recommended Posts

Can I have some comments on storing of credit card details (or not!) on the server in a database. It would be good to get a consensus on this to see what the majority of people are doing.

 

If you have an SSL connection then is it a good idea to capture peoples credit card details, and THEN send to the payment gateway to process. This raises the question that if you capture the cards details should you store it (i.e. this could be useful for subsequent customer orders, to pre-fill c.card form details for ultra fast checkout!). What are the consequences, and requirements for doing this.

 

Is anyone doing this already, if so I would be interested in your comments on the above and general credit card info capturing/storing rather than just passing the user to a secure payment gateway and letting them handle the credit card capturing. Looking forward to reading your comments. Many thanks.

Link to comment
Share on other sites

We have SSL on our store, the way we have it set up is that they customer fills in the info and it is sent to our payment gateway. It is not stored on our server and we have no access to the CC details (even though our payment processor admin panel). For me that provides the greatest security and is the method that I choose. This is just the way our payment processor contribution was when we set it up. I am sure that others are different and can be altered to suit your needs and the level of risk that you are willing to take with your customers information.

 

By not storing the info and leaving that to the payment processor IMO is the best method as I am sure they know more about internet security than I will ever know. My only job is to make sure they get the customers info in a secure manner.

 

I would not want my CC info pre filled on a site unless it was on a site from a MAJOR comapny that I was confident had the security personel on staff to handle such information.

 

Whichever way you choose to do it just make information that you store is within your knowledge to protect.

 

Peter

Link to comment
Share on other sites

Can I have some comments on storing of credit card details (or not!) on the server in a database. It would be good to get a consensus on this to see what the majority of people are doing.

 

If you have an SSL connection then is it a good idea to capture peoples credit card details, and THEN send to the payment gateway to process. This raises the question that if you capture the cards details should you store it (i.e. this could be useful for subsequent customer orders, to pre-fill c.card form details for ultra fast checkout!). What are the consequences, and requirements for doing this.

 

Is anyone doing this already, if so I would be interested in your comments on the above and general credit card info capturing/storing rather than just passing the user to a secure payment gateway and letting them handle the credit card capturing. Looking forward to reading your comments. Many thanks.

 

We are uncomfortable with keeping credit card info on the server, but we do keep split numbers for reference in case of chargebacks. Our payment processor does not let us access full credit card nos. either.

"Buy the ticket, take the ride..." -HST

Link to comment
Share on other sites

I would agree, that pre-filled c.card info would not be of great interest to most customers. I think just pre-filling user info (name, address etc.) would be fine then the user can enter the c.card details again to process subsequent orders.

 

Is anyone using WorldPay? If so have you the option of storing c.card details, and is this an easy to use gateway. It seems to be the best one to go for in UK. Any comments?

Link to comment
Share on other sites

I would agree, that pre-filled c.card info would not be of great interest to most customers. I think just pre-filling user info (name, address etc.) would be fine then the user can enter the c.card details again to process subsequent orders.

 

Is anyone using WorldPay? If so have you the option of storing c.card details, and is this an easy to use gateway. It seems to be the best one to go for in UK. Any comments?

 

Worldpay is quite good, the standard edition do not have the option to store the cc, but if you sign up for their Futurepay service it can be done in regards to recurring billing.

Link to comment
Share on other sites

Worldpay is quite good, the standard edition do not have the option to store the cc, but if you sign up for their Futurepay service it can be done in regards to recurring billing.

 

Ahh, I see, that's interesting. I will be using the Futurepay service as well as the standard service for accepting credit cards for online orders.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...