Solved

need website security advice

Posted on 2013-01-20
3
131 Views
Last Modified: 2013-10-30
The website Im working on excepts credit cards. An account can have many users.
I want to ge the option to the buyer to save his credit card info, so it makes the next checkout quicker... When I say the credit card info is saved, no information is saved on my servers for security, but when the user chooses to save their card info I send an XML string to the payment processor asking for a token to be able to rebill the same card. having said that, I want to give the option of the credit card holder to share the ability to place an order using his credit card saved on file to the users on his account providing he sets the right permissions... Any advice on this feature would be greatly appreciated. im also guessing if I would go forward I would create another table to place the users that have permission to use the credit card on file...
0
Comment
Question by:prowebinteractiveinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 17

Expert Comment

by:Dushan De Silva
ID: 38799806
It's never gonna good idea to save credit card details on your system. Give Credit card company to manage those and best not to touch or save those details locally. Also there could legal issue.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 38800906
RUN, don't walk, to your bank and set up a meeting with them, your business lawyer and your payment processor that is giving you the XML token.  On the agenda will be PCI Compliance or its equivalent in your countries.  You need expert legal and technical advice on this topic, since mishandling such information can get you sued or land you in jail.  

My guess is that once one of your clients gives you permission to charge his credit card for the bills of another client, you will have a fiduciary obligation to cross-notify, and when that permission is withdrawn or expires, you will need to again cross-notify.  It's complicated and it has a lot of implications that go far beyond the advice you can get here at EE.  Get professional advice that is directly in consonance with your exact business situation!

Best regards, ~Ray
0
 
LVL 34

Accepted Solution

by:
Slick812 earned 500 total points
ID: 38803161
hello, ,  This can be risky as others have said, , however there are some " payment processors " as you say, that do have options to have another payment order to use stored credit info. If you have found that your " payment processor " is a good one (as one with ratings or BANK certifies), you must follow their procedures exactly for setting payment info (credit card) to "SAVE", I would guess that the <XML> string has no actual name or credit card numbers, just an account (your web company acct) ID and a User reference ID with a true or false to set the storing payment info. I am trying to say that you should not send any XML with credit card number and owners name, as this is a BIG RISK.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question