|Storing Credit Card Information|
Help me to solve this problem
| 3:30 pm on Mar 27, 2008 (gmt 0)|
I am new to payment processing. I explained our requirement below.
Our customer want to store the credit card informtion of their club members who all are registering with them. They want to use the credit card information for auto renewal of their membership. The auto renewal does not need member's knowledge. They will just send bill to their EMail after renewal.
I have some questions regarding Credit card processing. Please reply me about the following questions.
1.Is it legal to store credit card information?(I read it is illegal but most people are storing this.)
2.If it is legal, what are the credit card information (CC number, exp.date and etc) that we have to store for future debit? and what are security measures we have to follow?
3.Who are leading credit card processers I can contact to get service?
4.Is there any other service or way avilable to achive our process?
Plz help me to get clear with this issue.
| 3:39 pm on Mar 27, 2008 (gmt 0)|
Authorize.net CIM may be your best option. The details are stored on authorize.net's servers and you just bill them over the web.
| 4:01 pm on Mar 27, 2008 (gmt 0)|
Yeah, you're probably better off with a gateway/processor that does recurring payments rather than having your own system store and process all that data. I, for one, want nothing to do with storing credit card numbers... too much hassle and liability. That's what I pay my processor each month for.
It can be legal, but there are requirements that must be met for it to be so. If I'm right, and I may not be, my guess is that you would need to store everything about the card somewhere excepting, of course, for the CVV number which is illegal to store anywhere. I'm not sure how online recurring payments would work without that number being used in the process... maybe someone smarter than I about such things could chime in.
| 4:19 pm on Mar 27, 2008 (gmt 0)|
It is not illegal to store credit card information, either on paper or electronically, but naturally any "escape" would be at your risk and might well cause your merchant facility to be withdrawn.
The credit card companies say that it is not permissible to store the CVV info (although how this applies to a written order received by post is not at all clear). Nor is the CVV data mandatory when processing the order - but the risk is on you if the card turns out to have been stolen etc.
| 4:42 am on Mar 29, 2008 (gmt 0)|
Thank you all for ur reply
| 5:11 pm on Mar 29, 2008 (gmt 0)|
Welcome aboard rrameshbtech, as said it is not illegal - but if your clients read their merchant account contract, they are very specific about storing credit card info as well as usage of that account to process transactions. Usage outside the specified agreement can have grievous consequences.
If this refers to an offline terminal used to process CC's, using it for the Internet in any way is usually forbidden. That is a separate account with different rates and fees. If used in any other way and the account provider discovers such usage, the client can be fined (I've head numbers as high as $30,000 USD) and billed in arrears for any charges were made outside of the contract boundaries.
Even if it's an Internet account, they are specific to instruct that you do not store credit card info. Doing so could also get your account closed. Once you have had a merchant account closed, it may become impossible to open another one.
The three processors I am familiar with that do provide methods of automatic recurring billing are payPal, Netbilling, and recently authorize.net.
|The auto renewal does not need member's knowledge. |
I don't know of the legalities of this, but I'm pretty sure this is a problem. The member needs to know of your intent to automatically bill the account, and also needs to agree or disagree to allow this to happen, and be able to opt out of it at any time. I'd sure run for the hills if someone debited my card without my consent.
| 9:16 pm on Mar 29, 2008 (gmt 0)|
It's a very touchy subject these days on storing a credit card number, and even more data. If you search for PCI compliance, you will get some idea.
The auto renewal does need approval - whether you think you might not have given it before or not, you have. A company that has too many Reason Code 41: Cancelled Recurring Transaction chargebacks will be reviewed by the risk department to see if there are potential problems.
Most electronic payment gateways will give you a recurring billing module - some free and some charge you for it. Usually relying on the gateway will be better in the amount of data you have to store on your server.
I think it is OK for me now to say MasterCard / Visa on here, but go to MasterCard's website, choose your country and look for merchants. You will find their rules and regulations and ideas on a few things.
| 4:44 am on Mar 31, 2008 (gmt 0)|
Thank you rocknbil and Corey Bryant. Now I got good Idea and all of your information are very useful for me. Thank you once again.
| 9:41 am on Mar 31, 2008 (gmt 0)|
Btw, I just thought I might mention to you that there are other payment services out there ( at least for digital content, if that is relevant to you) that the customer does not need to pay with a credit card at all, thus eliminating your problem of storing his personal information. It might be worthwhile to check them out...