  1. #1
    SitePoint Addict bimalpoudel's Avatar
    Join Date
    Feb 2009
    Location
    Kathmandu, Nepal
    Posts
    279

    Credit cards storage and Auto Billing

    How do I store the credit card information safely and auto bill the customers?

    In one of the projects, I need to collect payments in a monthly schedule, by charging the credit cards automatically. It will be a PHP script.

    How can I perform auto billing? What should I consider?
    Bimal Poudel @ Sanjaal Framework over Smarty Template Engine
    ASKING INTERESTING QUESTIONS ON SITEPOINT FORUM

    Hire for coding support - PHP/MySQL

  2. #2
    SitePoint Enthusiast
    Join Date
    May 2011
    Posts
    35
    If you are a small business the best practice today is to not store CC information at all. Instead use a payment gateway that is certificated, regulated and secure.

    If this is not an option, CC information should be stored encrypted. This means that hacking into your application, web server or database without knowing your private key will not compromise any card data.
    You should make sure that on its path to the DB, the CC numbers leave no traces in logs or any other persistent storage.
    This, of course, is at a very high level. There is a lot around how to set up the DB encryption, how to manage the keys, how to tighten access control and so on. Those are the basics though.

    As for the architecture, I would set up two completely separate environments. One is the application that uses a one-way function to encrypt CC data on the way in.
    The second system will pull the CC data from the database, decrypt the numbers and bill customers. This system should be an internal system that cannot be accessed from the outside. It is the only system that has access to the private key and it pulls data from the database (no data is pushed to it). It has to be very secure from all perspectives (network, access controls, passwords, etc.).


    Not sure what you mean in:
    "How can I perform auto billing?"
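The split described in post #2, where the web application can only encrypt and a separate internal billing host holds the private key, sketched as an added example (not code from the thread). It uses PHP's libsodium sealed boxes; the function names `sealCard`/`openCard`, the row layout and the card number are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Generated once on the internal billing host; the secret half never leaves it.
$billingKeypair = sodium_crypto_box_keypair();
// Only the public half is deployed to the internet-facing application.
$publicKey = sodium_crypto_box_publickey($billingKeypair);

// Web application side: holds $publicKey only, so it can write rows but not read them back.
function sealCard(string $pan, string $publicKey): array
{
    $digits = preg_replace('/\D/', '', $pan);
    if (strlen($digits) < 13 || strlen($digits) > 19) {
        // The message deliberately omits the input so the number cannot reach a log.
        throw new InvalidArgumentException('invalid card number length');
    }
    return [
        'last4'  => substr($digits, -4), // enough for receipts and support
        'sealed' => base64_encode(sodium_crypto_box_seal($digits, $publicKey)),
    ];
}

// Billing host side: pulls rows from the database and opens them with the keypair.
function openCard(string $sealedB64, string $keypair): string
{
    $raw   = base64_decode($sealedB64, true);
    $plain = $raw === false ? false : sodium_crypto_box_seal_open($raw, $keypair);
    if ($plain === false) {
        throw new RuntimeException('row rejected: wrong key or modified ciphertext');
    }
    return $plain;
}

$row = sealCard('4111 1111 1111 1111', $publicKey); // constructed test number

// Anyone holding the database row but not the billing keypair gets a rejection.
try {
    openCard($row['sealed'], sodium_crypto_box_keypair());
    echo "unexpected: row opened without the billing key\n";
} catch (RuntimeException $e) {
    echo 'without billing key: ', $e->getMessage(), "\n";
}

// The billing host recovers the digits it needs to submit the charge.
echo 'billing host recovered card ending ', substr(openCard($row['sealed'], $billingKeypair), -4), "\n";
```

Sealed boxes also authenticate the ciphertext, so a row altered in the database is rejected rather than decrypted to garbage.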

  3. #3
    SitePoint Addict bimalpoudel's Avatar
    Definitely, I am not interested in storing the credit cards.

    But by auto billing, I want to devise a system that automatically charges some amount to the customer's card. The bills are collected for a month. And it notifies the customer and charges their cards immediately. The payments are likely to vary according to the services that the customer uses. Reasons are like a change in the price plans or membership types.

    But the customer does not have to enter the details again.

  4. #4
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,547
    You can do recurring payments using a payment gateway that has this facility built in, e.g. the PayPal Web Payments Pro Direct Payments API.

  5. #5
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,788
    Originally posted by bimalpoudel:
    How do I store the credit card information safely and auto bill the customers?

    In one of the projects, I need to collect payments in a monthly schedule, by charging the credit cards automatically. It will be a PHP script.

    How can I perform auto billing? What should I consider?
    Credit card information is not allowed to be stored on servers connected to the internet. What you would need is for your payment processor provider to provide you with a hashed token value for each credit card number you give them, which you store with the customer's other info. You then pass them the token during the autobilling and let them match it back to the credit card details on their secure server.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  6. #6
    SitePoint Addict bimalpoudel's Avatar
    Any further hints on generating the hash? And sending to the gateway?
    Plus, how can I CHANGE the "amount to be charged" during each auto billing?

    It is not a real recurring payment with fixed amount.
    The amount is likely to vary in each auto billing.

  7. #7
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Originally posted by bimalpoudel:
    Any further hints on generating the hash?
    You need to get the payment gateway provider to generate the hash for you - otherwise they will have no way to use it to extract the credit card details.
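The token flow from posts #5 and #7, combined with the varying monthly amount asked about in post #6, as an added example (not code from the thread or from any gateway). The `TokenGateway` interface, its `charge` parameters, the token strings, the currency and the billing period are all hypothetical; a real provider's API will differ.

```php
<?php
declare(strict_types=1);

// Hypothetical interface standing in for a provider's "charge a stored token" call.
interface TokenGateway
{
    public function charge(string $token, int $amountMinor, string $currency, string $reference): bool;
}

// Offline stand-in so the example runs without a network or a real provider.
final class FakeGateway implements TokenGateway
{
    public array $calls = [];
    public function charge(string $token, int $amountMinor, string $currency, string $reference): bool
    {
        $this->calls[] = compact('token', 'amountMinor', 'currency', 'reference');
        return true;
    }
}

// What the application keeps per customer: the provider-issued token, never the card number.
$customers = [
    ['id' => 17, 'gateway_token' => 'tok_constructed_A1', 'usage' => [1500, 299, 4999]],
    ['id' => 42, 'gateway_token' => 'tok_constructed_B2', 'usage' => []],
];

// Charges each customer once per period; $ledger records what has already been billed.
function billPeriod(array $customers, TokenGateway $gw, string $period, array &$ledger): void
{
    foreach ($customers as $c) {
        $amount    = array_sum($c['usage']);   // integer minor units (cents), differs every month
        $reference = sprintf('cust%d-%s', $c['id'], $period);
        if ($amount <= 0 || isset($ledger[$reference])) {
            continue;                           // nothing owed, or this period is already charged
        }
        if ($gw->charge($c['gateway_token'], $amount, 'USD', $reference)) {
            $ledger[$reference] = $amount;
        }
    }
}

$gw     = new FakeGateway();
$ledger = [];
billPeriod($customers, $gw, '2011-09', $ledger);
billPeriod($customers, $gw, '2011-09', $ledger); // a rerun of the same period sends nothing new
print_r($gw->calls);
print_r($ledger);
```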

  8. #8
    SitePoint Addict bimalpoudel's Avatar
    Thank you @felgall.
    It seems the specific payment gateway will have all these solved.
    After all, it is a matter of data safety and secure communication.

  9. #9
    SitePoint Member
    Join Date
    Sep 2011
    Posts
    4
    authorize.net would be a good payment gateway choice but there are others as well.

