php_guy Posted July 28, 2010 Share Posted July 28, 2010 I'm looking at creating a web interface for cusotmers to enter credit card information. What is the best approach for this? Keeping in mind security of data... Maybe this last point is more a question for web server administrators, but thought I'd ask anyway. Quote Link to comment Share on other sites More sharing options...
php_guy Posted July 28, 2010 Author Share Posted July 28, 2010 Bump: Is this really a question for a web server form? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted July 28, 2010 Share Posted July 28, 2010 It's something you'd be better off using a third party application or API for. Let them have the liability of dealing with the credit card info. Quote Link to comment Share on other sites More sharing options...
radar Posted July 28, 2010 Share Posted July 28, 2010 at the very least invest in SSL -- at that point you can use an auth.net account to generate an authorization number, at that point the credit card number is stored on their servers, and you never need to even see that. just need the exp, cvv2, billing address and such. Quote Link to comment Share on other sites More sharing options...
TheChaosFactor Posted July 28, 2010 Share Posted July 28, 2010 at the very least invest in SSL -- at that point you can use an auth.net account to generate an authorization number, at that point the credit card number is stored on their servers, and you never need to even see that. just need the exp, cvv2, billing address and such. Yup, and for the UI try phpcoin for free or clientexec for a fee Quote Link to comment Share on other sites More sharing options...
php_guy Posted September 24, 2010 Author Share Posted September 24, 2010 Just want to bring this topic up again... Are you saying that if I use this auth.net, then the credit card data will be stored on their servers and not mine? The way it works is: 1) Customers enter their billing info in the site 2) The site should store this data somewhere - preferably if it can be stored in auth.net then that's better, since the website owners would not be liable for the data 3) At some point, customer service representatives will need to bring up this credit card data so that they can manually enter it in th back end billing system. Note: For this step, it currently needs to be a manual process of transferring it from where ever it is stored to the billing system (the hooks for automatic transfer are not in place yet, and we cannot wait until they are, so we are using this manual process for the time being) Can anyone comment on this? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.