We have created a portal for users to pay online via our website.
We have created an option for users to check a “checkbox” to save their details to their account so they can pay easily next time.
What is the best way to save credit card details to a MySQL database? I want it to be secure; I don’t want to purely save their details to a field as “XXXXXXXXXXXXXXXX”.
What is the most secure way to save credit card details? We will have SSL on our server when the site goes live.
Regards
You should never store CC details, except the grossly masked ‘XXXX XXXX XXXX 1234’ type format, and you are not EVER permitted to store the CVV numbers.
What you can store is the transaction ID returned from your payment processor, from which you can look up their stored copy of the CC number. That relieves you of the problem of securing your system enough that you could store a CC number (which is a huge undertaking) and puts the onus of the security overhead on the processor’s head.
SSL is irrelevant for securing your database; an SSL connection exists only while an HTTP transaction is open, and then is gone. You need to have 100% security on your server AND your database at all times.
I’d suggest getting a copy of the PCI standards, which go into extreme detail as to what the requirements are for various levels of credit card handling/processing.
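The approach in the answer above, sketched as an added example that is not part of the original thread: only the processor's reference and the masked number are written, and a Luhn check refuses any field that still looks like a full card number. The table and column names, the `txn_constructed_0001` reference, and the use of `sqlite3` in place of MySQL (so the example runs offline) are assumptions.

```python
import re
import sqlite3  # stand-in for MySQL so the example runs offline

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE saved_card (      -- hypothetical table
        user_id       INTEGER NOT NULL,
        processor_ref TEXT NOT NULL,   -- ID returned by the payment processor
        masked_card   TEXT NOT NULL    -- 'XXXX XXXX XXXX 1234' format only
    )""")
    return conn

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def looks_like_pan(value):
    """True if value holds a 13-19 digit run (spaces/dashes allowed) that passes Luhn."""
    for m in re.finditer(r"\d(?:[ -]?\d){12,18}", value):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return True
    return False

def mask(pan):
    return "XXXX XXXX XXXX " + re.sub(r"\D", "", pan)[-4:]

def save_card(conn, user_id, processor_ref, pan):
    """Store only the processor reference and the masked number.
    There is no CVV parameter, so a CVV cannot reach the database."""
    masked = mask(pan)
    if looks_like_pan(processor_ref) or looks_like_pan(masked):
        raise ValueError("refusing to store a full card number")
    conn.execute(
        "INSERT INTO saved_card (user_id, processor_ref, masked_card) VALUES (?, ?, ?)",
        (user_id, processor_ref, masked))
    conn.commit()
    return masked

if __name__ == "__main__":
    db = open_db()
    # Constructed sample values: a public test card number and a made-up reference.
    print(save_card(db, 1, "txn_constructed_0001", "4111 1111 1111 1111"))
    print(db.execute("SELECT * FROM saved_card").fetchall())
```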