Do not store credit card information in a session, do not store it in a database, do not store it in a file. Instead, write cc information back to the browse page using the html hidden inputs.
So, the program flow will work as follows:
- The user sends billing and payment information to the server through the html form.
- The server checks that this information is in the correct format (for example, a credit card has the appropriate number of digits, a billing address has been entered, etc.).
- After verification, the server records all the information presented as input fields of a hidden form. This includes your billing address, shipping address, and credit card information.
- The form on the overview page (with hidden input fields) has a button that says "End Order" / "Full Order". This report form publishes an order completion script.
- The finalization script stores billing / delivery information in your database and sends the credit card information to your payment gateway.
The advantages of this method are twice:
- You save the overhead and additional PCI compliance requirements that are required when storing credit information.
- This method is within the security of the SSL protocol. The value, encrypted credit card information must be sent to your server anyway - this method still relies solely on the effectiveness of SSL, without introducing the complexity of the stored credit card data.
Another problem arises in this last question: when you browse a page, you double the number of times that encrypted credit card data is transmitted over the network. With this method, there are a minimum of 4 transfers: client to server, server to client, client to server (again), and then server to gateway. Without verification, there are at least 2 transfers: from client to server and from server to gateway. Is the convenience of the review page a risk of extra gear? This is a decision that you, as a web developer (and your client), can make.
leepowers
source share