Credit card best practice

Hi, I need to handle credit cards and would like some advice. I won't be storing any credit card details for future payments but instead requiring the customer to enter their payment details each time they make a purchase. However, I'm worried about the temporary storage of the details whilst checking out.

My checkout asks for the payment details (credit card etc) and then goes to the review page before they click a final button to make the actual payment. I'm concerned about storing the credit card information for use on the review page. The customer can also go back to any part of the checkout and change information as needed, so I need to store this information until they finally click the "pay" button.

I am using database session storage with a cron job to clear out the old sessions but I'm worried about the credit card info being available until the session store is cleared out.

Shall I just ask for the credit card details on the review page? What would be safest?

Many thanks, Jordan

The safest thing to do is just ask for the details on the review page so that you never have to store them. Alternatively, you could use TrustCommerce as a CC processor, since they have a feature (Citadel) where they will store the CC info for you. It’s particularly handy for recurring billing.

Remember, too, to use filter_parameter_logging to keep the sensitive info from showing up in your logs.

The safest thing to do is just ask for the details on the review page so that you never have to store them. Alternatively, you could use TrustCommerce as a CC processor, since they have a feature (Citadel) where they will store the CC info for you. It's particularly handy for recurring billing.

Yes, I'm going to do that. It's just not worth the hassles otherwise.

Remember, too, to use filter_parameter_logging to keep the sensitive info from showing up in your logs.

Thanks for the name, I was planning on using this but couldn't remember the name

Cheers, Jordan