Client Wants To Store CC #'s For New Site. Need Feedback

Hey,

I am going to meet a retail merchant that has no merchant for online sales. The are a retail store that has worked this way for many years.

The new site will require, for now, a way to store/encrypt cc’s. Should I just flat out refuse to accept this method or would ioncube, ssl and AES encrypt/Decrypt with MYSQL, for a small site, suffice? Or are there better methods that can work with PHP that I may not be familiar with?

Some say to avoid mcrypt and others suggest considering to use it.

What would you do in my situation? I Just want to tell them ‘don’t bother’ but I don’t think they will support investing in a merchant for online sales for a small members only site.

There’s a great thread on here about this, let me find it; here you go.

Thank you. Although, after reading older posts on this form, I am going to refuse the job if they do not listen to me, it is at least nice to see if I can learn something. I appreciate your time and this link.

No problem, good luck. :slight_smile:

Unless you have the financial backing to comply with all the regulations that go into storing sensitive private information, DO NOT DO IT. You do not want to be like Sony at this point. Get a third-party to handle the money, credit-cards, SSL certs and so-on. Also get a Merchant account with ones bank. It is far cheaper going with a third-party payment processor then getting caught with your pants down and going bankrupt trying to settle off the debts the lawsuits bring. Understand, complying with regulations on storing this private information is extremely expensive. And no, you cannot just get a random web server from a random hosting company.

Agreed. I will determine if they should open with authorize.net or Paypal (which can use Payflow pro or api docapture process).

Thanks, guys.