How do you hold customers credit card digits safely
NiceRsx2002 08-26-2002, 09:01 AM Hello,
I have an authorize.net merchant account and was wondering how I could store my clients' credit card numbers so I would have to email them when their payment was due I could simply charge their card... How could this be done safely? Are there any services that store this information for you? Thanks.
davidb 08-26-2002, 09:25 AM Authorize.net should have it saved. In no way should you risk holding on to them yourself.
NiceRsx2002 08-26-2002, 09:31 AM Nope I asked them that, they don't store them for you... So my only option is to hold them myself..
WII-Aaron 08-26-2002, 10:05 AM Hmmm... We enter them into the recurring area in linkpoint and leave them there. It automatically charges them every month and the only time we have to contact the customer is when it expires.
NiceRsx2002 08-26-2002, 10:34 AM Hmmm would that work with an Authorize.net merchant account?.. Is anyone else using Authorize.net to process credit cards? If so how do you store your customers' CC information?
Acronym BOY 08-26-2002, 12:20 PM If you must "store" them, a safety deposit box at a bank is best.
NiceRsx2002 08-27-2002, 11:40 PM Uhhh... Anyone know how / in a similar situation?
dandanfirema 08-27-2002, 11:45 PM encryption
RackMy.com 08-28-2002, 12:10 AM Encrypted and not on 'Net.
mrbling 08-28-2002, 12:26 AM just encrypted in DES3 in a mysql database
if you guys don't put the credit cards in a database, it just means you aren't dealing with a lot of credit cards
do you think amazon.com can take each credit card and put it in a safety deposit box?
or any of the ecommerce sites? they store all of it in an Oracle database and encrypt the number while firewalling the server.
That's all, this isn't that hard, you do not need to write down the credit cards and store it in a safety deposit box.
Just take safety precautions and you are fine.
NiceRsx2002 08-28-2002, 01:35 AM OK, where can I find information on DES3 encryption in a MySQL database? We are dealing with thousands of credit cards so we really need this. Also, if I encrypt them, how do I un-crypt them? Is there a script that does this or do I have to manually do this?
RackMy.com 08-28-2002, 01:37 AM I think they were kidding. Most companies store them in a database, but it's a good idea to not keep the database online.
NiceRsx2002 08-28-2002, 01:44 AM I see. How would I go about setting it up so it's downloaded as soon as the client pays, so there is no way the numbers can be hacked?
argonblue 08-28-2002, 03:12 AM You could always accept PayPal in which case, you never know their credit card number or checking account number. The PayPal IPN system works well for updating your database with customers who have paid, etc.
NiceRsx2002 08-28-2002, 03:16 AM I've used that, PayPal sucks :(... Plus you don't have direct access to their card so if they buy something new or go over quota I have to email them and it is a pain... Anyone know how I can store their digits safely?
JDMundo 08-28-2002, 03:52 AM Read Shannon's post in this thread for proper way to store CC's on your servers: http://www.webhostingtalk.com/showthread.php?s=&threadid=70214
Acronym BOY 08-28-2002, 09:24 AM Originally posted by mrbling
just encrypted in DES3 in a mysql database
if you guys don't put the credit cards in a database, it just means you aren't dealing with a lot of credit cards
do you think amazon.com can take each credit card and put it in a safety deposit box?
or any of the ecommerce sites? they store all of it in an Oracle database and encrypt the number while firewalling the server.
That's all, this isn't that hard, you do not need to write down the credit cards and store it in a safety deposit box.
Just take safety precautions and you are fine.
Who said anything about writing?
If you think that is unnecessary, then I'm glad I don't do business with you. Secure offsite storage of highly sensitive information is a good thing.
dreamrae.com 08-28-2002, 03:33 PM ahhh, you're all crazy!!!!!!!!:stickout NEVER EVER STORE CC#'S IN A DATABASE, EVEN IF THEY ARE CRYPTED. this was the 1st place they'd go for cc#'s, encryption really didn't matter... it wasn't like they couldn't crack it, well in some cases they couldn't, but in others they could. Anyway, let the CC# processing companies worry about that. the 2nd your database is stolen, you're in some deep, I mean deep ****. =/
dreamrae.com 08-28-2002, 03:34 PM PS: if anyone stores CC#'s on a Windows box, I have this to say to you:
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!!!!!!:stickout :stickout
end statement...
bjseiler 08-28-2002, 03:42 PM I think everything in Shannon's HOWTO seems pretty good. I am kind of just wondering what most people do though? His solution is great if you are big enough to have your own data lines and servers in-house. What about all the people out there using shared or dedicated machines which are at hosting companies? His solution just will not work then. Probably scary if we only knew..............