Our valued sponsor

A few things to consider before you store credit card information.

clemens

Corporate Services
Mentor Group Lifetime
Jan 2, 2009
2,902
1,023
113
Spain
Visit site
As long as the websites and the server it is hosted on is PCI compliant, and the compliance is maintained on a regular basis, then it is safe to key in your credit card information and other personal information.


Many websites will redirect the card holder to a “shared” or “secure” payment form which is hosted at the payment gateways end, and which (if the PSP is PCI compliant) is secure. In some cases and on large web shops it is sometimes of benefit for the website owner to integrate their website directly with the payment gateway which keeps the card holder on the website which then again will leave the card holder get a better experience in some cases.


However, since PCI hasn’t reached all websites and web shops on the Internet, then you will still find places which don’t redirect you to a secure payment form and which aren’t PCI compliant. This websites are unsecure and you should avoid them for any price. If they for any reason are unable to obtain a valid PCI certificate then you can be assured that it isn’t safe to enter your credit card information there.


I have seen many cases, where those website owners want to have the card holder to be kept on the Website/web shop without being redirected to any secure payment form, due to a more professional look and various other reasons, as they explain. I even heard that some want to store the card information because they want to use it for marketing and fraud prevention. However at the end of the road they didn’t care about the security, people think that just because the card information is encrypted then it is safe to store it, to those people, you are SO WRONG, it take so much more to get the proper security implemented to avoid any security breach or even avoid hackers to get the information. It is a task which many think they can overcome but they quickly see that it will cost a few bugs to get it done and because of additional expenses they just leave it and pray that nothing happens or even just don’t care about it.


It isn’t that expansive for a website owner to get compliant and have the proper security and patches applied to your server, and you can find some low cost providers like hackersafe which will help you to be and stay complaint. In my opinion a few thousand dollars should be worth it.


Many people will try to tell you other stories and have found the key to a short cut, don’t believe them; you have to follow the PCI compliance regulations which can be found here.
 

Latest Threads