if I provide https, users think it is secure and they save their cutomer credit card number in mysql database.
If a hacker steals these number, hosting provider is liable?

I believe you could have some liability, yes. I would NOT suggest storing credit card numbers in any kind of unencrypted fashion.
-mike

I really wouldn't recommend you store any credit card info in your database if you have to ask these questions.

I really wouldn't recommend you store any credit card info in your database if you have to ask these questions.
I second this. What are you doing wanting to store credit cards and then asking a question like this lol :eek:

don't store it you wont risk it exposured

Use a cc processing company instead.

To actually answer the question though I don't think you'd have any liability since no one could really prove that their number was stolen from your database.

Why? For example "Virginia man confessed to authority hacking into Black Lotus Communications database and stealing credit card numbers". Then you are busted.
To actually answer the question though I don't think you'd have any liability since no one could really prove that their number was stolen from your database.

I believe the merchant would be held liable, not the hosting company. It is up to them to insure they are following the rules set forth by their merchant account agreement.

Why? For example "Virginia man confessed to authority hacking into Black Lotus Communications database and stealing credit card numbers". Then you are busted. Busted !! Credit card liability is serious business.

I think a 3rd party credit card processor is the best way to go ahead. 2CO etc!

I think the OP was actually wondering if he would be liable if one of his customers did this, not if he did it.
I am not sure of the answer to that, to be honest.

Why? For example "Virginia man confessed to authority hacking into Black Lotus Communications database and stealing credit card numbers". Then you are busted.
You could confess that all day long, it does not make us liable for something that did not necessarily happen.

To actually answer the question though I don't think you'd have any liability since no one could really prove that their number was stolen from your database.
A friend of mine said the best way to identify the "leak" was for the CC companies to spot the commonality. e.g. Five consumers who reported fraudulent transactions who all, as it turns out, happened to have purchased a product from <xyz merchant> in the past.
-mike

You should read this thread (http://www.webhostingtalk.com/showthread.php?t=751732).

Dont save credit card infomation it is a bad idea