Receiving and storing credit card details w/SSL

Right, I have a shopping cart all finished and set up, and need a way to process the credit card details and store them securely for later access.

The site has an SSL certificate.

So say I set up the HTML code like:

<form action="process.php" method="post">
    <fieldset>
        <input type="text" name="ccnumber"/>
        <input type="submit" />
    </fieldset>
</form>

Code (markup):

I want to add the credit card details - to the existing database preferably - securely, but still able to access for later.

Cheers,

BP

 

I thought you had to be like CISP certified or something to store CC numbers? Atleast Visa anyway?

 

OSCommerce gets around this by storing the first and last digit sets and allowing the middle set to be sent to an email address. Storing the complete cc number is against the payment gateways/CCs TOS. And I wouldn't want the liability of storing the CC #s anyway.

 

you can save the numbers to a file like this

if(isset($_POST["ccnumber"))
{
   $cc = $_POST["ccnumber"];

  $fp = fopen("db/order-".time().".txt", "x");
  fwrite($fp, $cc);
 fclose($fp);

}

PHP:

that would be the most secure way.

cheers

 

Storing in a text file?That seems secure...

I am.

Awesome. Thanks

 

PLEASE PLEASE PLEASE don store CC number in a text file.. It's not secure.. it's not even trying to be secure..

in fact don't store CC at all.. let your payment processor do that kind of stuff

 

sotring de cc number in a text file it's the worst thing you can do..

 

You'd surely want them in an encrypted file, sitting on another machine which has no real Internet access. Isn't that default, to have an "offline" machine do the storing??