Forum Moderators: phranque
Many of us have commercial programs, like say vbulletin with a userbase and login system. Which works great for all kinds of purposes. But collecting credit cards is a royal pain in the ass.
You want to store it securely. Or even not store it at all. But you need the card data offline. Sending card data by email is not that secure. Sure, you can send it by email moderately encrypted, in 2 or three emails. But what if one email didn't go through? You still need it on the server until it's offline. Not to mention how do I explain to the admin about unencrypting it and matching the emails together. As I said, Royal pain in the ass.
And you can't use these commercial programs to collect card data, because they don't interface well with making that page SSL, and storing custom fields aren't encrypted etc.
You see the problem by now...
I'd love to see a commercial program that either interfaces natively with popular software, or just let's you use some kind of API for username authentication rather than their own whole new username system. They give your user a page where they can enter their credit card and billing address. Hold multiple versions thereof. And when it comes time to pay for something it pops up: "card number ending in XXXX digits"...etc. like all the big companies have set up.
And then let the Admin go in and pick up the credit card by using a passphrase.
If a hacker gets into the data, it's hashed, encrypted with a passphrase....mucho hard to get at compared to tons of db's on the web that are easy to hack into and insecure. (I don't know the current security status of passphrases and MD5 hashes etc, but I think they are at least hard for the neophyte to get at.)
Feasible? Does it exist? Have you had this problem and if so how did you solve it?
If there is a place where this discussion will get more attention, can a mod please move it there?
If I understand you correctly you want customers to be able to use a credit card on file for transactions (a card they previously used).
You can build a table where all you store is the cust id, transactions, and last 4 digits of card. Then when they go to buy again all you have to do is pass certain variables and without actually passing the credit card info all over again.
I'd go to their online documentation and read up on it to see if it'll actually do what you want or chat with one of their sales or dev. support people.
Good luck.
