For mondernbill users....How safe is it to use their encryption and keys to store credit card numbers. I'm uncomfortable with it because of my lack of knowledge of Moderbill. In their pre-sales forum, I see the admin say its safe in one post, and then say it isn't recommended in another post. Whats the scoop.

If I do not store numbers this way, what are my other options of obtaining the card number and storing it securely off-line.

safe to store the CC#, unsafe to store the CVV #s (the 3 numbers on the back of the CC where the signature line is). Come to think about it, it's illegal to store the CVV #s

Thanks for the very prompt reply. Now, with modernbill, if it doesn't store the CVV, is there a problem when it comes time to bill the client. It looks like modernbill batches everything...would I need to retain the CVV off-line and then enter that manually when it comes time to bill that client?

the CVV # is only used for the initial setup, to confirm that that is the actual owner of the credit card. Once they submit their information, you are to encrypt their CC # in your Admin screen of MB. Everymonth or whenever you chose to charge them, it will send the # directly to your payment processing company. However, if you are using a 3rd company cc company, like 2Checkout or Paysystems.com, they store the Info and ModernBill doesn't do any charging than. I'd recommend getting a merchant account so you can control all aspects of the payment and let ModernBill do the charging rather than a 3rd company cc.

Robert,
That is exactly what I was wondering. I didn't realize the CVV was needed only for the first purchase...that was my concern on the recurring months. Thank you again...that is exactly what I needed to know ;)

You have the option of storing the CVV #, but it's your own risk if someone was to, I don't know, hack your server and obtain all the unencrypted CCs with the CVV, full address, name and all the information.

I don't want to take that risk.. and I doubt you do as well.

When he says it's not recommended, it's a CYA statement. When he says it's safe, he's saying he is confident in his product. If you don't want to take the responsibility, use a third party processor.

Originally posted by VeroHost
You have the option of storing the CVV #, but it's your own risk if someone was to, I don't know, hack your server and obtain all the unencrypted CCs with the CVV, full address, name and all the information.

I don't want to take that risk.. and I doubt you do as well.

I don't think you can store the CVV.

Originally posted by VeroHost
I don't want to take that risk.. and I doubt you do as well.

Not to mention MC/V will jump all over you for that. Usually in the form of terminating you account, tossing you on "the List", and possibly fining you.

Originally posted by VeroHost
if you are using a 3rd company cc company, like 2Checkout or Paysystems.com, they store the Info and ModernBill doesn't do any charging than. I'd recommend getting a merchant account so you can control all aspects of the payment and let ModernBill do the charging rather than a 3rd company cc.

I can only speak of the 2co side and MB..

MB submits it to 2co as a 1 time payment each month.
As for now there is no need to even set plans/prices in 2co Panel.
MB does it all thru the API.

Downfall is user has to manually approve that cahrge every month when MB sends him an invoice. I believe it has a feature to suspend after certain amount of days, I haven't had a issue yet using that feature though.

So as is now MB controls the billing, I still do NOT store the CC #'s and was advised just to delete the to-do list for encyrpting, as that will be fixed in new update.

They are also bringing in the 2co reoccuring payments, I am not sure as to how it will work (I'm one of those that needs to do it)
but I do imagine it will be nicer ;)

HTH

Just to add to that 2co will stop attempting to bill the customer on the 31st day .. which IMHO is way more than enough time for someone to pay an invoice.. just suspend the account and you will find that they contact you pretty quick to get it resolved.