Richard (koorb) wrote: > > Jorge Godoy wrote: >> Do you really need to store the credit card numbers? At least here it is >> illegal and not recommended. After the transaction has been done, then you >> don't need the numbers anymore... > > You would for reoccurring billing or like Amazon, so the customer does > not have to enter it every time.
Not true. Many PSPs such as WorldPay and FuturePay provide repeat billing options, where the customer's details are stored on their own servers. I have to agree with the parents though, you really must think hard about storing CC details in a database. Especially if you need to ask how to do it. A big problem with this is your app usually needs to be able to read the private key required to decrypt the database. Are you on shared hosting? How can you be 100% sure that key would be kept secret? If CC details are compromised your talking about a custodial sentence. If there is any conceivable way of avoiding storing them, take it. Personally, even if a client demanded that I store CC details, I would tell him to shove it or shell out for real consultancy. I don't want to go to jail. -Rob > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears -~----------~----~----~----~------~----~------~--~---
