Forum Moderators: buckworks
1.Is it legal to store credit card information?(I read it is illegal but most people are storing this.)
2.If it is legal, what are the credit card information (CC number, exp.date and etc) that we have to store for future debit? and what are security measures we have to follow?
3.Who are leading credit card processers I can contact to get service?
4.Is there any other service or way avilable to achive our process?
Plz help me to get clear with this issue.
It can be legal, but there are requirements that must be met for it to be so. If I'm right, and I may not be, my guess is that you would need to store everything about the card somewhere excepting, of course, for the CVV number which is illegal to store anywhere. I'm not sure how online recurring payments would work without that number being used in the process... maybe someone smarter than I about such things could chime in.
The credit card companies say that it is not permissible to store the CVV info (although how this applies to a written order received by post is not at all clear). Nor is the CVV data mandatory when processing the order - but the risk is on you if the card turns out to have been stolen etc.
If this refers to an offline terminal used to process CC's, using it for the Internet in any way is usually forbidden. That is a separate account with different rates and fees. If used in any other way and the account provider discovers such usage, the client can be fined (I've head numbers as high as $30,000 USD) and billed in arrears for any charges were made outside of the contract boundaries.
Even if it's an Internet account, they are specific to instruct that you do not store credit card info. Doing so could also get your account closed. Once you have had a merchant account closed, it may become impossible to open another one.
The three processors I am familiar with that do provide methods of automatic recurring billing are payPal, Netbilling, and recently authorize.net.
The auto renewal does not need member's knowledge.
I don't know of the legalities of this, but I'm pretty sure this is a problem. The member needs to know of your intent to automatically bill the account, and also needs to agree or disagree to allow this to happen, and be able to opt out of it at any time. I'd sure run for the hills if someone debited my card without my consent.
The auto renewal does need approval - whether you think you might not have given it before or not, you have. A company that has too many Reason Code 41: Cancelled Recurring Transaction chargebacks will be reviewed by the risk department to see if there are potential problems.
Most electronic payment gateways will give you a recurring billing module - some free and some charge you for it. Usually relying on the gateway will be better in the amount of data you have to store on your server.
I think it is OK for me now to say MasterCard / Visa on here, but go to MasterCard's website, choose your country and look for merchants. You will find their rules and regulations and ideas on a few things.
