-2

Is it legal to process credit card information without storing it in a database or anything, but sending it by email using PHP/SSL so it isn't stored on your servers? The point is to have the credit card info stored without having to pay 10 thousand a year to be PCI compliant.

Sam Adamsh
  • This isn't a legal advice website. However, if you want to process credit cards, you have to meet the appropriate level of PCI compliance for the size of your business. Just not storing them in a DB alone does not satisfy the requirements for any PCI level. – Eric J. Jun 11 '12 at 03:28
  • 4
    Who are you working for, so that I know to *never* do business with them? Seriously, there's a reason for PCI. Email is horribly insecure. – josh3736 Jun 11 '12 at 03:28
  • Also if by $10,000 you mean US dollars, it is not nearly that expensive unless you are doing a serious business volume that would make $10,000 seem not that expensive at all. – Eric J. Jun 11 '12 at 03:29
  • 2
    Use an external processor; then you don't have to be compliant at all. PayPal comes to mind, but there are others. –  Jun 11 '12 at 03:33
  • 1
    If you store credit card numbers **ANYWHERE** you are responsible for maintaining the security of those numbers. If you seriously think that sending a CC+CVV number to a hotmail account or something is more secure than on a properly locked down server, then I seriously suggest you get out of the programming business immediately. – Marc B Jun 11 '12 at 04:06

1 Answer

1

YOU SHOULDN'T DO IT as email is VERY insecure. Emails are always the targets of hackers. If you plan to store credit card information, you should secure the data.

Have you considered NOT storing credit card information instead?

Raptor