Should I store credit card info in the database?

kenle

Members at my website has to pay monthly subscribtions. I currently store the member's credit card in the database and encrypt it.
Is this safe enough or there should be other ways to do it? I need to charge my members every time the memberships is due and I don't want members to reenter their credit info every month.

What are the best ways?

lazzerous

That's a tough situation.

Are you handling all forms of the billing?

Why not use a 3rd party service for cc payments and auto-rebilling?

kenle

you mean the third party php software to handle it? If so, do you recommend which one?

Thanks

darkvirus

im not sure if it will auto-rebill them but paypal.com is quite popular with a lot or sites of a way of users paying them

planetsim

Look into the PayPal.com IPN system.

just encrypting CC information will not be enough, and when you want to bill them again you wont be able to. If you read the .pdf (Manual) with the IPN system on PayPal.com you can do this. Not have to worry about looking after such information.

However if you know a lot about Administration know a lot about E-Commerce and handling CC information than you should be able to store information within a database as long as its encrypted and far far away from hackers to find.

I dont suggest holding them, as you will be liable.

Dizzee

I was under the impression that it was actually illegal to store credit card information of any kind