Hi there, I've been curious about this for a while and could never find any good information. I used to work at a pizza place that did online ordering. The user would submit their card information and we would run it at the store. I was wondering if someone could give me an idea as to how this transaction took place, whether it was PCI compliant, and how it would be sent to the printer. I could think of a couple of ways but none of them really seem to be the correct way. I'm looking to do this in PHP. Thanks.

+7  A: 

If I were to design this system it would be like this:

  1. The customer posts the order and CC information using a webform over a secure link to the server (using PHP to generate the page and take the info back in).
  2. The server would use a payment gateway and bill the card on the server (server side PHP script).
  3. On a successful billing it would contact an application running on a box at the restaurant with what to print on the order ticket (only the last 4 digits of the CC info are sent to the restaurant).

Updated with Chris's suggestion

Scott Chamberlain
I agree, CC should never be printed. If at all it would be like the last 4 digits.
Chris
In fact that's the law in many states in the US and is a rule for Visa and MasterCard (prob Amex, too). It's called credit card truncation.
John Conde
I agree. All applications dealing with credit cards should be PCI compliant.
Mitch C
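The three steps in the answer above, sketched as an added PHP example that is not part of the original thread. The `PaymentGateway` interface, `processOrder()`, the array keys and the demo values are all assumptions for illustration; the card number is a constructed test number, and a real integration would call the payment provider's own SDK.

```php
<?php
declare(strict_types=1);

// Hypothetical interface (assumption): a real integration calls the provider's SDK here.
interface PaymentGateway {
    /** Returns an authorization reference on success, null on decline. */
    public function charge(string $pan, string $expiry, string $cvv, int $cents): ?string;
}

/** Luhn check so mistyped numbers never reach the gateway. */
function luhnValid(string $pan): bool {
    if (!preg_match('/^\d{13,19}$/', $pan)) return false;
    $sum = 0;
    foreach (str_split(strrev($pan)) as $i => $ch) {
        $d = (int) $ch;
        if ($i % 2 === 1) { $d *= 2; if ($d > 9) $d -= 9; }
        $sum += $d;
    }
    return $sum % 10 === 0;
}

/** Steps 2 and 3: bill on the server, then build the only data sent to the store. */
function processOrder(PaymentGateway $gw, array $card, array $items, int $cents): ?array {
    $pan = (string) preg_replace('/[ -]/', '', $card['number']);
    if (!luhnValid($pan)) return null;
    $authRef = $gw->charge($pan, $card['expiry'], $card['cvv'], $cents);
    if ($authRef === null) return null; // declined: nothing goes to the restaurant
    return [
        'items'    => $items,
        'total'    => sprintf('%.2f', $cents / 100),
        // Truncation: only the last 4 digits survive; no expiry, no CVV.
        'card'     => str_repeat('*', strlen($pan) - 4) . substr($pan, -4),
        'auth_ref' => $authRef,
    ];
}

// Constructed demo: fake gateway that approves everything, and a test card number.
$fake = new class implements PaymentGateway {
    public function charge(string $pan, string $expiry, string $cvv, int $cents): ?string {
        return 'AUTH-DEMO-0001';
    }
};
$ticket = processOrder($fake,
    ['number' => '4111 1111 1111 1111', 'expiry' => '12/30', 'cvv' => '123'],
    ['1x Large Margherita'], 1499);
echo json_encode($ticket, JSON_PRETTY_PRINT), PHP_EOL;
```

The full card number exists only inside `processOrder()` for the duration of the request; the ticket array is what the application at the restaurant receives and prints.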
A: 

Another option is to use PGP to encode the credit card on the server with the public key. When the CC is sent to the store, it can then be decoded with the Private Key and viewed in order to charge it. But when you are passing credit card information around like that, you always run the risk of something going terribly wrong. It's always better to use a gateway and charge the card immediately or authorize the transaction and then go back and collect the funds by running the authorization number.

cdburgess