Hi,
I need to handle credit cards and would like some advice. I won't be storing
any credit card details for future payments but instead requiring the
customer to enter
their payment details each time they make a purchase. However, I'm worried about
the temporary storage of the details whilst checking out.

My checkout asks for the payment details (credit card etc) and then goes to the
review page before they click a final button to make the actual payment. I'm
concerned about storing the credit card information for use on the review page.
The customer can also go back to any part of the checkout and change
information as
needed, so I need to store this information until they finally click the "pay"
button.

I am using database session storage with a cron job to clear out the
old sessions
but I'm worried about the credit card info being available until the session
store is cleared out.

Shall I just ask for the credit card details on the review page? What would be
safest?

Many thanks,
Jordan

The safest thing to do is just ask for the details on the review page so that you never have to store them. Alternatively, you could use TrustCommerce as a CC processor, since they have a feature (Citadel) where they will store the CC info for you. It’s particularly handy for recurring billing.

Remember, too, to use filter_parameter_logging to keep the sensitive info from showing up in your logs.

The safest thing to do is just ask for the details on the review page so
that you never have to store them. Alternatively, you could use
TrustCommerce as a CC processor, since they have a feature (Citadel) where
they will store the CC info for you. It's particularly handy for recurring
billing.

Yes, I'm going to do that. It's just not worth the hassles otherwise.

Remember, too, to use filter_parameter_logging to keep the sensitive info
from showing up in your logs.

Thanks for the name, I was planning on using this but couldn't
remember the name

Cheers,
Jordan