PHP – Taking credit card information online without processing — how best to do so

Tags: credit-card, e-commerce, encryption, pci-dss, PHP

I have had a number of requests from clients wanting to take a customer's credit card number online and then process the payment in store at a POS or terminal. I'm wondering what the best method of doing this is.

I don't want to store the credit card number on the server in plain text and I don't want to send an email with the number in plain text.

The clients don't want to sign up for an online payment account because of the higher and additional cost of an online payment processor. Also, both customers can't charge online because the total will likely change because of out-of-stock products or problems with customers' requests.

What other options do I have?

I'll be using PHP. I am also in Canada if the rules have any effect on which method I should use.

Best Answer

I solved this problem by building a frontend to GPG and allowing the website owner to generate their own GPG keys. Then, all credit card data is GPG encrypted and can only be decrypted with the website owner's private key, which for additional security could be kept off the server if desired.
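The following sketch is an added example, not code from the original answer: it shows the approach described above (encrypt on the server to the owner's public key, keep the private key elsewhere) using the PECL `gnupg` extension. The function names, the keyring directory and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Requires the PECL "gnupg" extension. Only the owner's PUBLIC key is on the server.

/** Luhn check, so mistyped numbers are rejected before anything is encrypted. */
function luhn_valid(string $pan): bool
{
    if (!preg_match('/^\d{12,19}$/', $pan)) {
        return false;
    }
    $sum = 0;
    foreach (str_split(strrev($pan)) as $i => $ch) {
        $d = (int) $ch;
        if ($i % 2 === 1) {          // double every second digit from the right
            $d *= 2;
            if ($d > 9) { $d -= 9; }
        }
        $sum += $d;
    }
    return $sum % 10 === 0;
}

/**
 * Encrypt card details to the owner's public key; returns ASCII-armored ciphertext.
 * $keyringDir is a hypothetical directory outside the web root, writable by PHP.
 */
function encrypt_card_for_owner(string $ownerPublicKey, string $keyringDir, array $card): string
{
    $pan = preg_replace('/[\s-]+/', '', (string) ($card['number'] ?? ''));
    if (!luhn_valid($pan)) {
        throw new InvalidArgumentException('Card number failed validation');
    }
    putenv('GNUPGHOME=' . $keyringDir);
    $gpg = new gnupg();
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION);   // fail loudly, never fall back to plaintext
    $gpg->setarmor(1);                            // armored output is safe to store or mail
    $imported = $gpg->import($ownerPublicKey);
    $gpg->addencryptkey($imported['fingerprint']);
    // The plaintext exists only in memory for this request; persist only the return value.
    $plaintext = json_encode([
        'number' => $pan,
        'expiry' => (string) ($card['expiry'] ?? ''),
        'name'   => (string) ($card['name'] ?? ''),
    ], JSON_THROW_ON_ERROR);
    return $gpg->encrypt($plaintext);
}
// Constructed usage (test number, not a real card):
// encrypt_card_for_owner($ownerKeyAsc, '/var/lib/shop-gnupg', ['number' => '4111 1111 1111 1111', 'expiry' => '12/30']);
```

The owner decrypts the stored blob on their own machine with `gpg --decrypt`, so a compromise of the web server exposes only ciphertext and the public key.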
