Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to save credit card data in a database?

Tags:

database-design

stripe-payments

credit-card

braintree

authorize.net-cim

I am working on an application in which it is required to store whole credit card numbers. Is this possible to do using any API?

I have read about Authorize.net's Customer Payment Profile option, but it gives only last 4 digits when you try to retrieve that payment profile.

I have also checked Braintree's v.zero API which gives first 6 and last 4 digits and also Stripe's customer creation option but it also gives only last 4 digits.

If there is no API available, the only way to store credit card numbers is to store those in house using PCI DSS??

like image 570
Saurabh Rane Avatar asked Jun 01 '16 21:06

Saurabh Rane

People also ask

Can we save credit card information in database?

In most cases, credit card information shouldn't be stored in the database at any time. Storing this information is not only a liability for security reasons, but it results in more compliance actions that need to be taken to be PCI-compliant.

How do I keep credit card information on file?

The credit card number must be filed in a secure location, in a safe or under lock and key. Credit card numbers must not be stored electronically, i.e. in a spreadsheet, database, or anywhere on a computer and/or network. Once the customer relationship is finished, the credit card number should be cross-shredded.

What is the role of database in credit card transaction?

Credit card billing systems store data in databases containing information about customers, credit plans, and items charged. Supermarket checkout systems store data in databases containing information about customers, products, and buying habits of their customers.

1 Answers

Disclosure: I work for Stripe

Yes, the ONLY way to store customer card information in-house is to do so in a PCI-compliant system. Any place you store them, and any way you handle them, MUST be PCI compliant.

One of the biggest gains from using a payment processor, like Stripe for example, is that they take care of the (very, incredibly, terrifyingly) hard work of PCI compliance for you. As part of that commitment, they're not going to release those credit card details that they work tirelessly to keep secure.

If you're willing to go through the rigors of becoming - and remaining - PCI compliant, you could collect and store the card numbers in a PCI-compliant way and use Stripe's API to create the card [0] and then make the charge. Do note that you MUST be PCI Compliant to make use of Stripe's API in this way, or you will be violating the Terms of Service.

If you can more fully explain what the application will be doing with the stored credit card numbers, maybe someone can suggest an alternative approach that doesn't require actually storing the card info locally.

[0] https://stripe.com/docs/api#create_card-source-number

like image 124
floatingLomas Avatar answered Oct 28 '22 03:10

floatingLomas
Sign in to Comment

Related questions

Is there a limitation on the number of tables a PostgreSQL database can have?
Association between two entries in SQL table
Which is better database design?
Handling multiple fact tables in Qlikview
simple table design question
add schema to path in postgresql
Database design - google app engine
database - flattened out vs. normalized
Is it bad practice to implement a separate table consisting of only two rows Female and Male?
Consolidating tables with one-to-one relationships
Storing a SQL string array, and subsequent querying
Is it ever a good idea to have a record in a reference table in your database that represent "all other records"?
maintain history in a database
How can I enforce compound uniqueness in MySQL?
Best way to store arrays of variable length in MySQL
how to check the query is using index
Good examples for teaching database design [closed]
Database design: flexibility vs. simplicity
Store images in database or on file system [duplicate]
Difference between two table structure

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!