There may be reasons... just none that I can think of other than not wanting to pay for a merchant account. I've done recurring billing before... verisign stores that in my case though. Better them than us.
They also have 'Insufficient funds' error codes that are returned to you and your processing since they are capable of running the cards immediately. But, I'm sure you're right, there may be valid reasons for storing them, but none of them would validate taking a CC number BEFORE telling the user how much they are going to be charged for item(s), shipping, and if they are going to be charged at all because something wasn't in stock. Visa just 'misplaced' some hard drives with customer information on them including credit card numbers. They had to reissue TONS of cards because of it. If THEY can lose that info... so can you. Just be careful with it and know that encryption does nothing but slow down the process of getting that number. ..:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com -----Original Message----- From: Baz [mailto:[EMAIL PROTECTED] Sent: Friday, January 13, 2006 10:11 AM To: CF-Talk Subject: RE: Encrypt CC number and store in DB Those are good points bobby, but I'm sure you could think of at least 1 valid scenario where CC numbers are required for later charging... What about using a CC number to see if that CC has enough funds and then doing the charging it later? Or better yet, what if you have customers who purchase very frequently? They DEMAND to have their number stored instead of typing it in each time. These are already 2 valid cases. Baz -----Original Message----- From: Bobby Hartsfield [mailto:[EMAIL PROTECTED] Sent: Friday, January 13, 2006 9:23 AM To: CF-Talk Subject: RE: Encrypt CC number and store in DB Do you actually get people to give you their credit card information without them even knowing: a) how much they are going to be charged b) whether or not you charge them more for shipping because of where they live c) if what they WANT to order is even in stock? If so, you must have one user friendly, warm and fuzzy feeling generating site to make people feel that comfortable. (is it basket basics dot com?) Why would any of that information (in stock, shipping cost, shipping location, etc..., and a FINAL price) not be obtainable BEFORE getting the credit card number? If any of it IS unobtainable without a Credit Card number, it sounds like a flawed system to me. ....:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com -----Original Message----- From: Stephens, Larry V [mailto:[EMAIL PROTECTED] Sent: Friday, January 13, 2006 8:44 AM To: CF-Talk Subject: RE: Encrypt CC number and store in DB The best way is DO NOT DO IT. No I'm not just being sarcastic....but there should be no reason to do this [snip] Except - we don't know the final cost until the items purchased are packaged and postage/freight is figured. (And we make sure the items are actually in stock and not on order, etc.) The configuration (i.e., number of boxes) can vary a great deal depending on what is ordered (some things will pack inside others, etc.) and, of course, the actual charge depends on where you are shipping it (and keeping up with UPS and USPS shipping tables is no trivial matter). Larry Stephens [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229462 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54