It is 2014. There have been hundreds of reports of malicious users accessing credit card numbers over the Internet. Yet, I still come across people who have Web sites that store Credit Card Numbers using e-commerce systems that don’t have the security in place to manage this properly. Here are several reasons why not to do this:
– It is avoidable in most cases: By using an Authorize and Capture system you can store the authorization and later capture the funds, negating many scenarios that you would need to store a credit card numbers. Major payment processing gateways allow you to store credit card numbers on their server for recurring payments. There are almost no reasons left to store a credit card number on a e-commerce site’s server.
– In most cases you are violating rules from Visa & Mastercard. Credit card providers have rules in place to stop you from doing this.
– It is dangerous. If Target can be hacked, how much easier is it to attack your system? If you are attacked, you may have to pay fines and fees for dealing with the problem.
If you store credit card numbers on your Web server, please find a developer and fix it! Please! 🙂