  1. #1
    Join Date
    Apr 2003
    Location
    Bluesquare dc, Uk
    Posts
    1,591

    Storing credit card details on a mysql database

    Dear fellow hosters,

    I am currently working with a client, whose previous host permitted them to take credit card details (via SSL), and then store them on a mysql database.

    Having done some freelance work for the client, namely an OSCommerce installation, the client has now requested I do the same.

    The client's previous host has told them storing details on a mysql database is secure. When I say mysql database, I'm talking about the servers a lot of us use, for example, one from servermatrix ev1 etc.

    Forgive me if I am way off the ball, but this is:

    a) Completely unsecure - considering the data being stored, unless this host is storing the details Worldpay / 2checkout style behind firewalls and strict security audits
    b) Actually illegal.

    I may even show this post to my client, as I feel this is quite a serious issue. I am certainly not comfortable with this, because as far as I am aware, storing credit cards on a web server contravenes both points a & b.

    Thanks in advance.
    Olly | INX-Gaming
    Call of Duty 4 hosting

  2. #2
    Join Date
    Apr 2002
    Location
    Philly Pa
    Posts
    130
    It's legal, just not smart. I've seen many companies go under because their db's were hacked, or systems were hacked and the hacker released the credit card info.

    Bad idea to store customer data on any server on the net. Keep that data in-house on an internal machine.

  3. #3
    Join Date
    Apr 2003
    Location
    Bluesquare dc, Uk
    Posts
    1,591
    The details go to the database, then he accesses them and deletes the 3 digit number on the back of the card once they are verified.

    Your second comment tells me why I'm not doing it!
    Olly | INX-Gaming
    Call of Duty 4 hosting

  4. #4
    I just posted some ideas on this a few days ago. Have a read!
    "The only difference between a poor person and a rich person is what they do in their spare time."
    "If youth is wasted on the young, then retirement is wasted on the old"

  5. #5
    Join Date
    Apr 2003
    Location
    Bluesquare dc, Uk
    Posts
    1,591
    Do you have a link to the thread dude?
    Olly | INX-Gaming
    Call of Duty 4 hosting

  6. #6
    Join Date
    Jun 2000
    Location
    Wichita, Ks, USA
    Posts
    1,984
    Extremely unsmart, and while it's legal, if his database gets hacked, he could be held liable for any transaction made from the acquirement of those credit cards. The law requires a good faith effort by merchants to provide a secure processing environment; I believe his merchant agreement would have something to say about this as well.

    If you're looking for a solution, couldn't you link oscommerce up with say authorize.net? It uses ssl, not to mention your customer wouldn't have to manually process credit cards. And it's only $25.00 a month, seems like a win-win situation.
    affordablecolo.com carrier grade colocation at a affordable price!
    Charles Baker - Company Operations
    1-866-316-HOST

  7. #7
    Join Date
    Apr 2003
    Location
    Bluesquare dc, Uk
    Posts
    1,591
    I've been down that route Charles. It's like banging my head up a brick wall. $25.00 a month is "too expensive".

    Anyway, he's cancelled, and is going to get his "old host" to do it for him. More fool them.
    Olly | INX-Gaming
    Call of Duty 4 hosting
