Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: buckworks
If the CC numbers reside on a web connected machine, there is always the possibility of them being compromised, accidentally or maliciously.
There is rarely a good reason to store that sort of data online. Even if you keep other personal information, making a big show of dumping CC numbers after each transaction is a good USP from the POV of user security
>> What about recurring subscriptions?
If it's an annual subscription, write the CC info to an offline location. Just because a CC # is stored electronically, it doesn't have to be in a web-accessible database, or on a machine permanently connected to the Net. That's where most of the online security scares come from, information that has no NEED to be online being compromised
If I were ever developing a system that involved storing credit card numbers, I would design a database architecture that didn't actually have the entire credit card number in one place, and place a requirement on application logic for a credit card number to be recovered.
This would mean that even if a database were compromised, the attacker would have great difficulty extracting valid card numbers from it; and even greater difficulty matching card numbers with personal details (which is when the information really becomes valuable to a crook).
The risk of compromising this information is too high especially if itís a shared hosting. Even a dedicated server that you can set up to max security cannot guarantee that someone smart will be able to retrieve this information from your server.
All of them store information about all transactions and you can make a refund and they handle chargebacks themselves.
If you have any questions, just sticky mail me.
This means that if you go DIY and something horrible happens then you may very well be in big trouble. Third party billing solutions means that all of this is, at least to some extent, someone else's problem.