views:

17

answers:

2

Hi there, I am building an e-store and am concerned about the security of transactions. Does anybody know a good reference for best practices? I am also wondering if it is a good idea to store credit card info in the database for the sake of reuse by customers. To be honest, I am a bit scared by the idea. Any suggestions? Thank you.

+1  A: 

Take a look at the OWASP site.

You can also use one of the major e-commerce packages depending on your situation.

Just found this answer too

renick
+1  A: 

It is strongly recommended to avoid storing credit card details.

Any interaction you have with card details will mean you need to be aware of PCI-DSS compliance. Storing card details in a PCI compliant manner is extremely challenging.

Luckily you can rely on third-party Payment Service Providers to help out. Think PayPal etc. These companies will perform authorisation/settlement of card transactions and store the card details on their PCI-compliant servers, meaning you only handle token IDs rather than card details.

You should definitely spend some time looking into PCI-DSS. Even by using a third-party provider you will still have some obligations to be PCI compliant.

PaulG
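The token-based flow PaulG describes, as an added example that is not code from the original thread: a stand-in PSP vault issues an opaque token, and the merchant's own customer store keeps only that token plus display data, with a Luhn-based guard that refuses to persist anything that looks like a card number. FakePSP, MerchantDB, the token format and the test card number are constructed for this example.

```python
import re
import secrets
from dataclasses import dataclass

PAN_RE = re.compile(r"\b\d{13,19}\b")       # a 13-19 digit run is a candidate card number (PAN)

def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card numbers (4111111111111111 is a public test number)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def looks_like_pan(value: str) -> bool:
    """True if the value contains something that could be a real card number."""
    compact = re.sub(r"[ -]", "", value)    # also catches "4111 1111 ..." / "4111-1111-..."
    return any(luhn_valid(m) for m in PAN_RE.findall(compact))

@dataclass(frozen=True)
class StoredCard:
    token: str   # opaque reference issued by the PSP; meaningless outside the PSP
    last4: str   # display-only; not enough to charge the card
    brand: str

class FakePSP:
    """Stand-in for the PSP's PCI-compliant card vault (constructed for this example)."""
    def __init__(self, token_factory=lambda: "tok_" + secrets.token_hex(12)):
        self._vault = {}                    # token -> (pan, expiry); exists only on the PSP side
        self._new_token = token_factory
    def tokenize(self, pan: str, expiry: str) -> StoredCard:
        pan = re.sub(r"[ -]", "", pan)
        if not (pan.isdigit() and luhn_valid(pan)):
            raise ValueError("invalid card number")
        token = self._new_token()
        self._vault[token] = (pan, expiry)
        return StoredCard(token, pan[-4:], "visa" if pan[0] == "4" else "other")

class MerchantDB:
    """Merchant-side customer store: refuses to persist anything that looks like a PAN."""
    def __init__(self):
        self.rows = {}
    def save_card(self, customer_id: str, card: StoredCard) -> StoredCard:
        for field in (card.token, card.last4, card.brand):
            if looks_like_pan(field):
                raise ValueError("refusing to persist card-number-like data")
        self.rows[customer_id] = card       # only the token and display data are kept
        return card
```

The same `looks_like_pan` guard is worth running over application logs and order notes, since those are the usual places a full card number leaks into the merchant's systems unnoticed.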