1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Storing Credit Cards in a Database

Discussion in 'Legal Issues' started by websiteideas, Mar 17, 2006.

  1. #1
    What is the liability if you have credit cards stored in a database and your security is breached?
     
    websiteideas, Mar 17, 2006 IP
  2. ServerUnion

    ServerUnion Peon

    Messages:
    3,611
    Likes Received:
    296
    Best Answers:
    0
    Trophy Points:
    0
    #2
    I would make sure that the numbers have an encryption on them and DO NOT store the 3 digit CSV number from the back of the card.
     
    ServerUnion, Mar 17, 2006 IP
  3. dj1471

    dj1471 Well-Known Member

    Messages:
    97
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    116
    #3
    In short, you're in big trouble if that happens.

    The best idea of course, is not to store credit card details at all (consider very carefully whether you really need to). As ServerUnion says, you'd have to store it all in an encrypted form anyway, preferably on a machine not connected to the Internet.
     
    dj1471, Mar 17, 2006 IP
  4. websiteideas

    websiteideas Well-Known Member

    Messages:
    1,406
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    130
    #4
    It appears to me that popular open source script Oscommerce stores credit cards in a database without encryption. Is this true?
     
    websiteideas, Mar 17, 2006 IP
  5. wheel

    wheel Peon

    Messages:
    477
    Likes Received:
    19
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I doubt it. Seems to me it splits the card number in half, emails half and puts the other half in a database.
     
    wheel, Mar 17, 2006 IP
  6. browntwn

    browntwn Illustrious Member

    Messages:
    8,347
    Likes Received:
    848
    Best Answers:
    7
    Trophy Points:
    435
    #6
    Serious. In some states, such as California, upon fidning out of the security breach you would be legally required to contact everyone whose card was potentially compromised and alert them. This is true whether you store them on paper or on a computer. The best advice, don't store credit card information. Or you can always let a third party do it for you.

     
    browntwn, Mar 17, 2006 IP
  7. WebTiger

    WebTiger Peon

    Messages:
    10
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    There are many laws that restrict you from storing clients credit card information in a database. As browntown has stated, you could be legally responsible if anything where to happen.
     
    WebTiger, Mar 19, 2006 IP
  8. w3bmistress

    w3bmistress Peon

    Messages:
    145
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #8
    don't do it. there is no reason for keeping the numbers anyway.
     
    w3bmistress, Mar 25, 2006 IP
  9. KevinK

    KevinK Well-Known Member

    Messages:
    101
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    135
    #9
    You will need to meet the VISA/MasterCard security standards. I would STRONGLY suggest you contact your payment processor. Here are my 10 cents, but it is not legal advice.

    All data should be encrypted. All data!
    Never store the CVC code.
    For support related systems, only display the last 4 digits of the credit card number
    Make sure your system is behind a firewall and other security hardware

    You should really contact your payment processor though. Take a look at this: http://www.securitymetrics.com/sitecertinfo.adp
     
    KevinK, Mar 25, 2006 IP
  10. KevinK

    KevinK Well-Known Member

    Messages:
    101
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    135
    #10
    Sure there is! For support reasons, last 4 digits of the card number. Just an example!
     
    KevinK, Mar 25, 2006 IP
  11. EGS

    EGS Notable Member

    Messages:
    6,078
    Likes Received:
    438
    Best Answers:
    0
    Trophy Points:
    290
    #11
    I wouldn't suggest storing credit cards in a database. :-\
    If you really have to, use a script like osCommerce as it is already secure.
     
    EGS, Mar 26, 2006 IP
  12. websiteideas

    websiteideas Well-Known Member

    Messages:
    1,406
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    130
    #12
    How about if you have oscommerce installed on a shared hosting account with a web host like Godaddy? Is that considered secure?
     
    websiteideas, Mar 31, 2006 IP
  13. JackDog

    JackDog Banned

    Messages:
    9
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #13
    This is more about protection, not if you get hacked. If you made no effort to protect the data, plan on settling with a few states, mainly new york
     
    JackDog, Apr 1, 2006 IP