viola wrote:
1. I have a form that takes credit card information.
You should send it immediately to a payment service provider, to do a PREAUTH or similar transaction, then discard the card details, keeping a transaction ID or something instead.
Contact your payment provider for more information.
2. PayPal or anything similar to PayPal is OUT of the question, client wants us to get the information instead.
Using a PSP which goes to an external site is very convenient as it absolves you of much responsibility for security etc.
3. According to our system administrator, he has already set up an SSL for our server. This form would be processed in a URL with https://
Have you tested it? I am assuming that this is a valid properly signed, trusted certificate. If not, get one.
4. Client wants to have all the information stored in a MySQL database.
Storing CC numbers is something I'd strongly recommend against. I've not developed anything in the last 5 years that did.
I need advice on
1. How do I process the form? Will the https:// be enough? Or do I have any special code to include in my form processing?
In the normal way, via HTTPS. You may want to check that $_SERVER['secure'] or something similar is set, to only accept details via HTTPS.
Of course you'll need an SSL certificate for your development server but you can use a junk one for that.
2. Do I install the SSL or does the system administrator install it?
The sysadmin installs it; your client must buy it.
3. If I store the information in a database, how do I keep it safe/secure from hackers?
In the normal way:
- Hire trustworthy staff
- Have all admin / sysadmin activity take place over secure connections from trusted locations (NOT cybercafes etc)
- Don't share hosting with anyone untrustworthy (e.g. typical shared hosting is a definite no-no)
4. If I'm able to convince the client that the processed form would just send the client an email instead of storing the data, will this be secure as well? I mean the transfer from the website to the client's email, will this be secure?
Email is normally NOT SECURE, and should not be used to send sensitive information. Of course you could send an encrypted (e.g. S/MIME, PGP) mail, in which case it would be fine but the client would need some software and keys to decrypt it. I have found this is a pain in the arse to manage.
5. If I'm unable to convince the client to just email the data instead of storing it, encrypting the data would make it more secure... but how do I 'decrypt' it... so that when the client views the data on our website, he can actually see the REAL data.
There is no need to store it encrypted in any way your application cares about. HTTPS will automatically encrypt communications in both directions.
Mark
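
The flow described in this reply (accept the form only over HTTPS, pass the card to the payment provider for a pre-authorisation, keep a transaction ID instead of the card details), as an added PHP example that is not part of the original post. The PSP call is a hypothetical callable, the form field names and the stored last-four-digits column are assumptions, and `$_SERVER['HTTPS']` is the variable PHP itself sets for TLS requests.

```php
<?php
// Added example, not from the original post. The PSP client is a hypothetical
// callable and the form field names are assumptions.

function request_is_https(array $server): bool
{
    // PHP sets $_SERVER['HTTPS'] to a non-empty value other than "off" for TLS requests.
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

function luhn_valid(string $pan): bool
{
    if (!preg_match('/^\d{12,19}$/', $pan)) {
        return false;
    }
    $sum = 0;
    foreach (str_split(strrev($pan)) as $i => $ch) {
        $d = (int) $ch;
        if ($i % 2 === 1) {           // double every second digit from the right
            $d = $d * 2 > 9 ? $d * 2 - 9 : $d * 2;
        }
        $sum += $d;
    }
    return $sum % 10 === 0;
}

// Returns the only row to persist: the PSP transaction ID plus the last four digits.
function handle_card_form(array $server, array $post, callable $pspPreauth): array
{
    if (!request_is_https($server)) {
        throw new RuntimeException('Card details are only accepted over HTTPS');
    }
    $pan = preg_replace('/[\s-]/', '', (string) ($post['card_number'] ?? ''));
    if (!luhn_valid($pan)) {
        throw new InvalidArgumentException('Invalid card number');
    }
    // Hand the details to the PSP straight away and keep only what it returns.
    $txnId = $pspPreauth($pan, (string) ($post['expiry'] ?? ''), (int) ($post['amount_cents'] ?? 0));
    return ['psp_transaction_id' => $txnId, 'card_last4' => substr($pan, -4)];
}

// Constructed sample run: 4111111111111111 is a standard test number, the PSP is a stub.
$stubPsp = fn(string $pan, string $expiry, int $cents): string => 'TXN-0001';
$row = handle_card_form(
    ['HTTPS' => 'on'],
    ['card_number' => '4111 1111 1111 1111', 'expiry' => '12/30', 'amount_cents' => 2500],
    $stubPsp
);
print_r($row);
```

In a real handler, pass `$_SERVER` and `$_POST` as the first two arguments and write only the returned array to the database.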