Basically, the client would like a way for repeat customers to not have to re-enter their credit card information. I am pretty much dead set against any sort of storing the payment info in the database at all. However, are there any alternatives out there?
Basically we would need a way for a customer to log in and make payments without having to re-input payment info. So if there is a payment provider out there that offers some sort of system that would allow for this, it would be great.
If there isn't, where would I begin making a compliant system that allows for this? Clearly I wouldn't want to store any of the payment information on the database located on a server with internet access. I believe, from my limited knowledge, that this act alone is not compliant.
But I've also read that this is fine as long as the CVV2 number isn't stored. Is this true?
The fact that this is out of my league tells me I will definitely reject any solution my boss tries to come up with that isn't handled by a separate provider, but I would like to begin learning more about this problem for the future.
^^ Correct, many merchant providers have this or a permutation of it. Basically on the first purchase, a unique ID is stored in both the gateway and on your site. On return purchases, the unique ID is used to do the debit, no CC storage required. It's also used for subscription-based charges.
If there isn't, where would I begin making a compliant system that allows for this?
Start here [pcicomplianceguide.org], more than you'll ever want to know about PCI compliance.
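The stored-ID flow described in the reply above, sketched as an added example that is not part of the original thread and not any provider's actual API. `Gateway`, `MerchantSite` and their methods are hypothetical names, and the card number is a standard test value.

```python
import secrets

class Gateway:
    """Constructed stand-in for the payment provider; not a real provider's API."""
    def __init__(self):
        self._vault = {}  # token -> (PAN, expiry), held only on the provider's side

    def first_purchase(self, pan, expiry, cvv2, amount_cents):
        # Assumption: the card form posts straight to the provider, so the PAN and
        # CVV2 never reach the merchant's server. CVV2 is used once, never stored.
        token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from the PAN
        self._vault[token] = (pan, expiry)
        return {"approved": True, "token": token, "last4": pan[-4:]}

    def charge_token(self, token, amount_cents):
        if token not in self._vault:
            return {"approved": False, "reason": "unknown token"}
        return {"approved": True, "amount_cents": amount_cents}

    def delete_token(self, token):
        self._vault.pop(token, None)


class MerchantSite:
    """The merchant's own database: only the unique ID and the last four digits."""
    def __init__(self, gateway):
        self.gateway = gateway
        self.saved = {}  # customer_id -> {"token": ..., "last4": ...}

    def remember(self, customer_id, result):
        self.saved[customer_id] = {"token": result["token"], "last4": result["last4"]}

    def repeat_purchase(self, customer_id, amount_cents):
        record = self.saved.get(customer_id)
        if record is None:
            return {"approved": False, "reason": "no saved payment method"}
        return self.gateway.charge_token(record["token"], amount_cents)

    def forget(self, customer_id):
        # Customer removes the saved card: drop the ID locally and at the provider.
        record = self.saved.pop(customer_id, None)
        if record:
            self.gateway.delete_token(record["token"])


def demo():
    gw = Gateway()
    site = MerchantSite(gw)
    site.remember("cust-1", gw.first_purchase("4111111111111111", "12/30", "123", 2500))
    return site, site.repeat_purchase("cust-1", 990)
```

A dump of `site.saved` exposes only the token and last four digits, and the token is worthless once the provider deletes it.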