Hello friends We are starting a ecommerce site. I wish to inquire is it better to store the credit card details in database or just ask the visitor to feed in everytime he wishes to transact..
For security reasons, it's better to store the credit card details into a different table, however, don't forget to reference it via a foreign key. By starting an E-Commerce site, do you mean you are scripting your own? If so, then try to keep the user in mind, if details are going through paypal or another payment gateway, then you'll want to ensure that the admin doesn't get to see the details of their credit card, however you have to consider merchants who will use their own gateway, and that they may require the ability to see the credit card details. Also remember that credit cards expire, so you'll want to ensure you have a check function programming in to make sure the credit card will still be valid for the transaction, otherwise making the user have to input another set of card details for an active card. For the ease of the user (the person buying), it's more of a convenience to them if they don't have to keep entering their details every time they wish to make a purchase. If you don't intend to have repeat customers, and expect people to only buy once from your site, then by all means have it so they enter their details every time ^^. However, should you be using another pre-made script such as OS commerce, then you won't have to worry about it. Hope this post helps.
I would suggest you to ask your client to enter their CC details everytime they do the transaction. Its for better security coz you doesn't know when your website database will be hacked by someone
we are going for a hotel reservation website and what we thinking is to have as minimum clicks as possible to book a room.. We thinking of using email as an authority to search the rooms. and then after we confirm that a room is available wit the hotels, we can drop that guy an email which might have a booking id and thus he can enter the credit card info, and then we can process it though the payment gateway.. whats ur say?? one more question, is it better to take paypal or an integrated payment gateway from a local bank here??
Since i now know what you're designing for, i'd recommend that you have the user enter their CC details each time. Since hotel guests are generally a one off each time, there is little need for saving the details, since a repeat visitor will usually take a long time to book again. If you don't keep the details, then i'd consider using an online payment gateway rather than a local bank
thanks, we have for the time being asked the visitors to pay via net banking n also deposit through paypal.. is it fine if we publish our bank account number on a website?
I'd steer away from publishing the bank number on the site... consider only displaying the last 4 digits, and the rest should be displayed as X's for security reasons...