Storing Account Number / Sort Code?
#1

[eluser]invision[/eluser]
Hi,

I'm wondering how you would store these 2 bits of information.

I'm using CodeIgniter to have a user set up a customer account with a web site and these 2 pieces of information are required.

Perfect world I would just get these bits of information offline (through a phone call) but I wonder, how would you approach this problem?

I'd have to make sure it adheres to this standard: https://www.pcisecuritystandards.org/sec..._dss.shtml but is there anything else I should consider?
How it's encrypted between user and database, how it's stored?


Thanks for any help with this.
#2

[eluser]pickupman[/eluser]
If you plan on storing credit card numbers, don't. Use a third party company like Paypal/Chargify/Authorize.net to do it for you. Fines can be very hefty in the US. CI provides an encryption library. You need to at least be using SSL on the pages where you collect data. I also believe in order to be PCI compliant you cannot be in a shared server environment. This is because other users may be able to gain access to your DB.
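One way to handle the "how it's stored" part of the question, as an added example that is not part of the original thread and not CodeIgniter's own encryption library: each field is validated, then encrypted with AES-256-GCM from PHP's OpenSSL extension before it reaches the database, with the row identity bound in as associated data so a ciphertext copied to another row fails to decrypt. The function names, column names, customer id and sample values are hypothetical, and the UK format (6-digit sort code, 8-digit account number) is an assumption.

```php
<?php
// Added example. Assumptions: UK format (6-digit sort code, 8-digit account number);
// the 32-byte key lives outside the database and web root.

function normalise_bank_details(string $sortCode, string $accountNumber): array
{
    $sortCode = preg_replace('/[\s-]/', '', $sortCode);       // accept "12-34-56"
    $accountNumber = preg_replace('/\s/', '', $accountNumber);
    if (!preg_match('/^\d{6}$/', $sortCode) || !preg_match('/^\d{8}$/', $accountNumber)) {
        throw new InvalidArgumentException('Expected a 6-digit sort code and 8-digit account number');
    }
    return [$sortCode, $accountNumber];
}

function encrypt_field(string $plaintext, string $key, string $context): string
{
    $nonce = random_bytes(12); // fresh per value; never reuse a nonce with the same key
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $context);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($nonce . $tag . $ct); // one opaque column value
}

function decrypt_field(string $stored, string $key, string $context): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= 28) { // 12-byte nonce + 16-byte tag + data
        throw new RuntimeException('Malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16), $context);
    if ($pt === false) {
        throw new RuntimeException('Authentication failed: wrong key, wrong row, or modified data');
    }
    return $pt;
}

$key = random_bytes(32); // demo key only
[$sort, $acct] = normalise_bank_details('12-34-56', '1234 5678'); // constructed sample values
$row = [
    'customer_id'   => 42,
    'sort_code'     => encrypt_field($sort, $key, 'customer:42:sort_code'),
    'account_no'    => encrypt_field($acct, $key, 'customer:42:account_no'),
    'account_last4' => substr($acct, -4), // shown in the UI without decrypting
];
echo decrypt_field($row['account_no'], $key, 'customer:42:account_no'), PHP_EOL;
```

Encryption at rest only helps if the key is not readable from the same place as the data, which is the same concern the post raises about shared hosting.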
#3

[eluser]invision[/eluser]
Out of interest, if I were to store the data in a PDF and not the database, would this be any more secure?

I'd use SSL when the file was being uploaded to the server (outside the root).

The PDF would be deleted as soon as it was downloaded by the designated user.


Thanks again for your thoughts.
#4

[eluser]pickupman[/eluser]
What 2 pieces of data are you actually trying to capture?
#5

[eluser]invision[/eluser]
Account Number and Sort Code of the Customer
#6

[eluser]Jondolar[/eluser]
What is Account Number and Sort Code? Is it a bank account number, a blog account number? If you want to get this information from the web, then you will need to build a form and when the user posts the form, you take the variables passed into your script and write them to a database. If the data needs to be secure, then you need to make sure your form posts to an SSL protected page.

Good luck with your project.
#7

[eluser]pickupman[/eluser]
Quote: What is Account Number and Sort Code?
This threw me at first. It looks like it would be comparable to our ACH method of bank account and routing number.
#8

[eluser]invision[/eluser]
Yes, it's the bank account number and sort code.

We've decided to just make it a printable form that is then faxed/posted to the client. It just seems too risky online.

We'd have been using shared hosting which would have been even riskier.

We would have used SSL for the form, moved the PDF outside the root and only let a CMS access it. But shared hosting would probably leave us without a hope of getting the PCI standard.

Explaining it to the boss was pretty interesting....


Thanks for all your input guys, I may pursue this in the future.
#9

[eluser]eokorie[/eluser]
Out of curiosity, are you trying to receive payments online?
#10

[eluser]invision[/eluser]
Sorry for the delay.

Nope, no payment at all involved.
This is information needed to set up a credit account for a customer. So the customer could phone my client up, order 20 of something and they wouldn't have to pay over the phone each time.

Frankly I don't see the problem with retrieving these 2 bits of data over the phone one time, but then I'm not the one in charge :(


Thanks again for your help everyone, great community here.