Closed

How to securely transmit and store credit card information?

I'm thinking about starting up a web business. I'm in the site development phase but before I get too deeply invested I want to start learning how I'm going to protect my customers credit card numbers as storing them to be charged at a later date is going to be a critical part of my business. This is going to have to be done on a massive scale (storing thousands of card to be charged at approximately the same time) What do I need know in order to pull this off? Databases? PHP? SSH/SSL? Is there a service like paypal that would store/secure this information for me?
9 answers Last reply
More about securely transmit store credit card information
  1. Use a payment service and have them deal with it . . . Yes, paypal would work fine.
  2. And check the legal requirements in your country. Storing credit card numbers has special requirements like a bank license in some countries. Like Traciatim said, a payment service provider like paypal is the way to go.
  3. You may want to look at something like:

    http://www.shift4.com/dotn/4tify/trueTokenization.cfm

    With systems like this you actually never see a credit card number yourself. Seems liek a much safer way to go than trying to design yourself a secure system, which if you're not a complete security expert will probably be full of holes.
  4. Contact pay pal and have a talk about it. Lots of other companies use pay pal in lots of different ways, and i'm sure this is nothing new for them. they will most likely charge you per transaction or something, but it's much better than trying to develop a buggy application that's full of security holes
  5. Also, it would prly require a form on an https/ssl page to an SQL database that is VERY secure. I don't know much about securing the I/O of such a db, or of the form, but i'm sure both need lots of attention. Also, the server itself that the db is on would need lots of security attention.
  6. Thanks, i'll contact paypal.
  7. What you want is a payment gateway. Paypal is one, another is google checkout. There are others

    Http://en.wikipedia.org/wiki/Payment_gateway

    Or you need a merchant account and they will likely have payment gateway services as well. You really dont want to be storing credit card info.
  8. Yeah i need a gateway. Why don't these sites lay out their pricing? It looks like paypal takes a percent of every transaction.
  9. Any place you use is going to take a piece. They do all the processing work, they want something for that.
Ask a new question

Read More

Security Development Business Computing