What are the laws on storing a credit card in MySQL? I mean, is there any particular law on this? Is it legal as long as a condition is met?
Depends where you're based. Certainly in the UK you need a license to store personal details such as credit card details. Can't help you with anywhere else in the world.
I am not aware of any law that would prevent you from doing this in the US. Just make sure that the data you store is encrypted to protect your clients' accounts.
You can find more discussions about it at http://forums.digitalpoint.com/showthread.php?p=91308 and http://www.webmasterworld.com/forum22/4405.htm
In my own opinion I wouldn't store CC details no matter where you are. Not only because there COULD be laws against it, but if you are hacked and those numbers are stolen, you will be in big big trouble.
It is advisable to store them on a separate and disconnected source for the protection of your members. If you really need to store them online, at least ensure that they are securely encrypted and not exposed for the world to see.
Never store client credit card numbers; if the site can be hacked, the hacker should be able to decrypt the security.
There's a chance that your admin auth details will get forged and access to financial details gained. It then won't matter if your database is configured to store credit card details in encrypted form or not. While unreadable if accessed directly in the database, they will be visible to the hacker inside the admin panel. At least they should, otherwise what's the point in storing such information online when there's no way you can actually read it, online...
I am not an expert on this matter... but how about storing the whole information on 2-3 different servers? Like half the CC # on one server, the other half on another and the expiry date on a 3rd, lol... maybe a silly idea?
Must be some logic, using which they were split. Don't say that the hacker will use that logic and get them back.
Sometimes some payment processors (or in Canada, some online bank processors) will make it much easier to dispute credit card chargebacks if you have a record of the CC number, or at least the CCV number. I worked for a company that had issues with storing CC # and dealing efficiently with chargebacks. I wouldn't store CC numbers simply because if an employee of the site, or 'hacker' wants to get the numbers, they can.
I think credit card companies do not allow you to store credit card numbers in your system, especially if you are using it for internet payments. I wouldn't do that as it is completely vulnerable.
You might want to read this article: http://www.informationweek.com/showArticle.jhtml?articleID=197001447 I found a couple more about them and in each article they reference "not adhering to the xyz credit card companies policies concerning storing of data". I believe you can actually store this information but you must follow some sort of encryption practice with the data. I would start this conversation off with the company that you are using as your gateway for CC processing. Just my opinion but if you could actually store the information, I would only keep it around until the transaction has processed. Why put yourself into a situation of getting hacked?
Yeah I agree, there is a huge liability in storing sensitive information such as credit card numbers.
Don't store CC info; if your users find out you will lose all trust from them. They can even get stolen pretty easily, so the bottom line: DON'T store them. I would like someone storing my CC when I buy something from a site I would feel very unsecure! Hope this helps.