How to properly charge credit cards?

Unless you have a lot of experience in this area, and resources/$$
to spend on infrastructure, I wouldn't recommend "storing" credit card
info, period.

To just process credit cards you need a merchant account plus an
account with an authorization gateway (e.g. Authorize.Net). That's
not too hard to set up. The Authorize.Net API is well documented, at
least; can't speak to other providers.

HTH,

Thanks for everyone's help. This software is unique in that I have to
accommodate return business, because most of our business will be return
business. I don't want to make the customer enter their CC info every
time they checkout. Amazon, target, etc store credit cards.

Our company has a cabinet in a data center with 5 servers, so I have the
infrastructure. I was just trying to figure out why all of it needed to
be separated out into another app. To me, if someone compromises our
server they can figure out a way to get the CC info. Separating it out
is just another hurdle to jump, but doesn't really stop them. I feel
like I am just setting up a lot of hurdles but nothing is really fool
proof.

Thanks for everyone's help. This software is unique in that I have to
accommodate return business, because most of our business will be return
business.

Uh, hardly unique. And you don't necessarily have to store card data
to handle return business. One example:

<http://www.authorize.net/solutions/merchantsolutions/merchantservices/cim/>

Amazon, target, etc store credit cards.

And if so they've spent lots of bucks, to make sure their systems are as
secure as possible (and meet the card-issuing companies' very stringent
requirements -- which you'd better be aware of before heading down this
road!).

Our company has a cabinet in a data center with 5 servers, so I have the
infrastructure.

I was talking about full-time security people, multiple firewalls, etc.;
"5 servers in a data center" ain't it. :slight_smile:

Good luck, though. Hope not to see you in the headlines :slight_smile:

Use Authorize.net CIM to store the card info and get back a token you
can use for future billing. Use the ActiveMerchant library to talk to
the gateway. You don’t need a separate app.

Ditto everything Hassan says, particularly the "5 servers" and
"headlines" part.

You may also want to take a look at Active Merchant - http://www.activemerchant.org/
- a Rails plug-in (also gem) for dealing with credit cards and payment
processors and shipping. There's even a Peepcode tutorial -
http://peepcode.com/products/activemerchant-pdf

-- Bosco

Ben,
You may want to look at the ActiveMerchant PDF published by PeepCode. I
found it to be the best and most detailed discussion of credit card
payment handling.
http://www.peepcode.com
Hope this helps.
Bharat

Ben,

Go with Hassan's and Benjamin's suggestions. I work at the credit card
industry and liabilities are just too high to risk...

Cheers, Sazima