Well, I have been working on an online storefront for a skate shop out on the west coast for a few weeks now. Originally the way I was going to do it was just use PayPal for credit card processing, by just sending the cart's total pretty much, and just store shipping/contact information in my database.
Now I must change plans, because the client has his own method of processing credit card payments from customers.
We will be buying an SSL cert soon and getting it running so I can secure the web forms for submitting credit card information, along with other personal information from the customer.
I have an administration panel that I am working on for him to use which will display any new orders that come in through the store as well.
So, my specific question is this:
I still plan on storing shipping/contact information in my MySQL database, but what about the CC#s? How should I make them accessible to the client (via his admin panel) to charge?
I don't think I should just store them directly in the database, not concealed at all, that seems way too insecure. Or even I thought about storing them temporarily until he checks the new orders, then the CC info is erased. As well as while it's being temporarily stored, not have any of the other important information stored next to it.
OR Should I email him the CC# of the order so it is never even stored in a db?
OR... any suggestions?
I don't want some major security issue. How do you guys recommend that I get him the credit card numbers from a submitted (secure) web form, and keep them secure?
Thanks!
