I have had a number of requests from clients wanting to take a customer's credit card number online and then process the payment in store at a POS terminal. I'm wondering what the best method of doing this is.
I don't want to store the credit card number on the server in plain text and I don't want to send an email with the number in plain text.
The clients don't want to sign up for an online payment account because of the higher and additional cost of an online payment processor. Also, both customers can't charge online because the total will likely change because of out-of-stock products or problems with customers' requests.
What other options do I have?
I'll be using PHP. I am also in Canada if the rules have any effect on which method I should use.
I recommend using Authorize.net (only because that's what I have used). You can post the credit card information to Authorize.net to capture (AUTH_CAPTURE I believe) the credit card information to be charged. Then your client can log in to the Authorize.net virtual terminal and charge or void each payment depending on available inventory.
DO NOT store credit card information, even if it's encrypted, in a database that is accessible via the internet. I do not know where PCI compliance begins and ends, but I do know that if your client is storing credit card information, then they are required to be PCI compliant by the credit providers they accept. PCI compliance is a pain, and the approach I recommend is the easiest way around it that I have found. And with minimal headaches for the client.
I solved this problem by building a frontend to GPG and allowing the website owner to generate their own GPG keys. Then, all credit card data is GPG encrypted and can only be decrypted with the website owner's private key, which for additional security could be kept off the server if desired.
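The pattern this answer describes (web server holds only the owner's public key, card data is encrypted to it, and only the owner's private key, kept off the server, can decrypt) looks roughly like the following in PHP. This is an added example, not the answerer's frontend; it assumes the PECL `gnupg` extension is installed, and the key fingerprint, storage directory and order data are placeholders or constructed values.

```php
<?php
// Added example (not the answerer's code). The web host holds ONLY the shop
// owner's PUBLIC key, so a compromise of this host yields ciphertext that
// the host itself cannot decrypt. Requires the PECL gnupg extension.

// Assumption: fingerprint of the owner's public key already imported into the
// web user's GnuPG keyring. Placeholder value.
const OWNER_KEY_FINGERPRINT = 'REPLACE_WITH_OWNER_PUBLIC_KEY_FINGERPRINT';
// Assumption: a directory outside the web root, writable only by the web user.
const ORDER_DIR = '/var/www/private/orders';

/**
 * Encrypt the card details of one order to the owner's public key and return
 * ASCII-armoured ciphertext. The plaintext is never written to disk or logs.
 */
function encryptCardDataForOwner(array $order): string
{
    // Keep only the fields the owner needs at the POS terminal.
    $payload = json_encode([
        'order_id' => $order['order_id'],
        'name'     => $order['name'],
        'pan'      => $order['pan'],
        'expiry'   => $order['expiry'],
    ], JSON_THROW_ON_ERROR);

    $gpg = new gnupg();
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION); // fail loudly rather than store junk
    $gpg->addencryptkey(OWNER_KEY_FINGERPRINT); // public key only; no private key here
    return $gpg->encrypt($payload);             // armoured output is the default
}

/** Persist the ciphertext with a sanitised filename and tight permissions. */
function storeEncryptedOrder(string $orderId, string $armoured): string
{
    $safeId = preg_replace('/[^A-Za-z0-9_-]/', '', $orderId);
    $path = ORDER_DIR . '/' . $safeId . '.asc';
    file_put_contents($path, $armoured, LOCK_EX);
    chmod($path, 0600);
    return $path;
}

/**
 * Store side: runs on the owner's own machine, where the private key lives.
 * It should never be deployed on the web server.
 */
function decryptOrderAtStore(string $armoured, string $privateKeyFingerprint, string $passphrase): array
{
    $gpg = new gnupg();
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION);
    $gpg->adddecryptkey($privateKeyFingerprint, $passphrase);
    return json_decode($gpg->decrypt($armoured), true, 512, JSON_THROW_ON_ERROR);
}

// Web-side usage with constructed sample data (4111... is a standard test PAN).
$path = storeEncryptedOrder('ORD-1001', encryptCardDataForOwner([
    'order_id' => 'ORD-1001',
    'name'     => 'Example Customer',
    'pan'      => '4111111111111111',
    'expiry'   => '12/30',
]));
echo "Stored ciphertext at $path\n";
```

Two caveats a practitioner would want: the card number still passes through PHP in plaintext during the request, so it must not end up in access logs, error reports or debugging output; and encrypted cardholder data at rest is still cardholder data under PCI DSS, so this reduces exposure but does not take the merchant out of scope the way the first answer's "never store it" approach does.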