Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Oct 2009
    Posts
    190
    Thanks
    12
    Thanked 2 Times in 2 Posts

    Credit Card security question

    My company is holding a raffle and companies like Paypal will not allow us to run the payments through their site because they consider it gambling.

    One solution my company has asked me if i'm capable of is having people come to the site to "buy" a ticket, then take their CC information which sends it to our office so we can manually run it and then send the raffle ticket to the customer.

    This is pretty easy on the surface but I'm concerned about the customers security (obviously). Would there be something inherently insecure about taking this information and storing it in a DB?

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Yes, this is what SSL is for. It's illegal (at least here it is) to store an unencrypted credit card number, so make sure you encrypt it (or don't retain it after you use it).

    You could also use another Payment gateway besides Paypal.

  • #3
    Regular Coder
    Join Date
    Oct 2009
    Posts
    190
    Thanks
    12
    Thanked 2 Times in 2 Posts
    Thanks.

    All I needed. I figured it was over my head but I was asked to look into it. I've never implemented anything like this and I don't think this should be my first attempt.

  • #4
    New Coder
    Join Date
    Mar 2007
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I believe you need some dataprotection in place in order to store details, if something goes wrong e.g. someones details being misplaced, your company could be liable

  • #5
    Regular Coder
    Join Date
    Apr 2010
    Posts
    125
    Thanks
    6
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by dazw1 View Post
    I believe you need some dataprotection in place in order to store details, if something goes wrong e.g. someones details being misplaced, your company could be liable
    yeah, right ... the amount of companies I've bought stuff online from only to be hit by fraud the next day with someone buying computers and mobile phones in the town next to the company I just bought from ... credit card company doesn't do anything. They just refund me from the fund they build with extortionate fees and interest.

    Fraud isn't taken seriously by anyone. They just get honest people to pay for it indirectly like the rest of crime is funded by our tax money.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •