Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Remembering Credit Cards


XenoPhage

Recommended Posts

A customer of ours has a request. They would like the ability for a user of their site to jump out of the checkout, add more items, and get back to checkout without having to re-enter credit card information. It sounds like the CC information would have to be stored in either a cookie on the user's computer (super insecure) or in a session on the server (still insecure, but much less so).

 

Has anyone done anything similar? I'm very wary of the idea as I really don't want any CC information whatsoever stored on the server. Is there a way to do this that might be remotely acceptable and secure?

 

Thanks,

 

XenoPhage

XenoPhage

Link to comment
Share on other sites

Hi Jason,

 

I had to comment on this one.

 

I feel the same way about cc numbers and security but some customers just have to have them stored.

 

Here's the way I see it.

 

If you are standing in line at the store checking out and the checkout cashier is just ringing up your last item would you really say, "You know, I've decided to do some more shopping. Could you possibly be a sweetheart and hold my wallet until I return. Thank you so much."

 

I have had to turn clients down that insisted on storing credit card numbers. Maybe you could just try to stress how vitally important this issue is. Maybe remind them how much it might cost if their identity were hijacked. Is it really worth a very minor inconvenience of typing a few digits.

 

Another matter maybe also which module you are using for checkout.

 

I could look. Cause I know it can be done. And you could look and you know it can be done but that is the best I can do for you because I am so sticky about this issue of cc numbs in the db. What does their privacy policy say about it. I have come across several that storing the cc numbs is in direct contradiction to the stated privacy/conditions of use.

 

If you roam this forum you will find the answer. It is here. Please be careful.

 

Good Luck

How do you know when you know what you want to do for the rest of your life?

Link to comment
Share on other sites

Against about every merchant account providers TOS and not advicable at all.

 

Definitely against being PCI Compliant.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...