[thelist] Shopping Sites, Credit Cards

Michael Mell mike at nthwave.net
Thu Jun 27 12:53:01 CDT 2002

> At 15:07 27/06/2002 +0100, William Anderson wrote:
> >I implemented a basic store for my work a few months ago - perl+mySQL - and
> >we don't store any credit card numbers at all.  We pass the final payment
> >total to our cc processor (worldpay fwiw), and they deal with the credit
> >cards.  We get notification back that the payment has been processed, and
> >seal the deal.  Takes the hassle out of having to potentially keep credit
> >card details somewhere.  All we store is the invoice and delivery details,
> >along with what the customer has purchased (so we can actually send them
> >stuff).

I'm going to be setting up cc transactions right soon myself. The client wants
a One-Click-y kind of thing where we store the credit card with our CreditCard
Processor. All we store is an encrypted password. After the user's first
transaction with us, the CreditCard Processor has their card number related to
the password. On the user's second transaction, we request the password, not
the card number. When we request the CreditCard Processor to validate the
purchase, we merely send the password, not the card.

Anyone built a system like this? Which Card Processors will handle this? What
are the risks/benefits?

many thanks

llemekim         YahooIM
415.455.8812     voice
419.735.1167     fax

More information about the thelist mailing list