0

I have a selling website, and I'm wondering if I can store my clients' information in the databases, like credit card number and expiration date... and transaction history, etc.

Is it legal? If yes, in which countries?

Jason Aller
Wassim AZIRAR
  • 2
    I'd suggest starting from a position of if in doubt, don't. And also to question why you need to. It's potentially a very messy area to open up... – Kris C Nov 27 '10 at 17:15
  • I’m voting to close this question because it is off topic for Stack Overflow, and is not worth migrating to law.stackexchange.com – Jason Aller Jan 13 '21 at 21:50

3 Answers

3

Legal or not it would be extremely dangerous for you. In most places if the credit card info is stolen from your database then you would be liable. Unless you are supremely confident in your ability to safeguard the data you should not even consider it.

Vincent Ramdhanie
  • More info: the information is `encrypted`. So you are going to ask, why do it? The answer is: when the client tries to buy another time from my website, he will not enter the information again. – Wassim AZIRAR Nov 27 '10 at 17:22
  • 1
    @dotNet. I understand why you may want to store it. I'm just saying that it really depends on how confident you are that your encryption and other security arrangements are sufficient to prevent theft. – Vincent Ramdhanie Nov 27 '10 at 17:30
1

Look at Amazon.com or any other e-Commerce site. They do store client information like credit cards, names, transaction history, etc. Now, the legal requirements (record management, retention, privacy) of doing this may vary from jurisdiction to jurisdiction, and you have to wonder if storing that information would negatively impact perception of your site, but it is legal and done very often in North America.

I'd definitely talk to a lawyer about any regulatory requirements you may need to fulfill or any liabilities you may be opening yourself up to.

Dave White
0

The issue here is not really the law - rather the requirements that credit card companies require to allow you to store such information. Go read the PCI DSS standard and see for yourself if you really want all that hassle.

djn