Alternative to storing credit card info [duplicate]
https://stackoverflow.com/questions/4100772
-
29-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Possible Duplicate:
Storing credit card details
I'm working on creating an architecture for a site where users can login and buy products. My boss would like the checkout page to remember the user's credit card info so they don't have to enter it every time, like Amazon.
I don't want to store credit card info in a database for a variety of reasons; I refuse to do it. But my boss insists on the site remembering the user's credit card info.
So, how can this be accomplished? It obviously is being done, unless sites like Amazon are storing user's credit card info and making it extremely secure.
Solution
Some companies do indeed store credit card information. If they're responsible, they conform to the Payment Card Industry Data Security Standards. This can be quite expensive, so companies often partner with third parties to handle these transactions.
OTHER TIPS
You could use a service like Authorize.NET's Customer Information Manager CIM. Many other payment gateways offer similar solutions. You store the payment information with them once, then make future requests for payments using a payment profile ID instead of the actual payment information. Another popular company that offers similar services is Braintree Payment Solutions.
Why not encrypt it and make a decryption program that will only allow one CC at a time to be accessed? Maybe something like that would work.
I guess even before that, you have to ask yourself whether or not the user even wants that type of functionality. The only web sites that I might want to keep my CC info stored on are Amazon.com, PapaJohns.com, and maybe one or two others. If you are selling pool equipment, doors, stereo equipment, or something like that, your boss is an idiot.
