Hi,

I need to handle credit cards and would like some advice. I won't be storing any credit card details for future payments but instead requiring the customer to enter their payment details each time they make a purchase. However, I'm worried about the temporary storage of the details whilst checking out.

My checkout asks for the payment details (credit card etc) and then goes to the review page before they click a final button to make the actual payment. I'm concerned about storing the credit card information for use on the review page. The customer can also go back to any part of the checkout and change information as needed, so I need to store this information until they finally click the "pay" button.

I am using database session storage with a cron job to clear out the old sessions but I'm worried about the credit card info being available until the session store is cleared out.

Shall I just ask for the credit card details on the review page? What would be safest?

Many thanks,
Jordan

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en

The safest thing to do is just ask for the details on the review page so that you never have to store them. Alternatively, you could use TrustCommerce as a CC processor, since they have a feature (Citadel) where they will store the CC info for you. It's particularly handy for recurring billing.

Remember, too, to use filter_parameter_logging to keep the sensitive info from showing up in your logs.

--
Building an e-commerce site with Rails? http://agilewebdevelopment.com/rails-ecommerce
Meet up at RailsConf: http://railsconf2007.conferencemeetup.com/

On Mar 9, 2007, at 3:09 AM, Jordan Elver wrote:

> Hi,
>
> I need to handle credit cards and would like some advice. I won't be
> storing any credit card details for future payments but instead
> requiring the customer to enter their payment details each time they
> make a purchase. However, I'm worried about the temporary storage of
> the details whilst checking out.
>
> My checkout asks for the payment details (credit card etc) and then
> goes to the review page before they click a final button to make the
> actual payment. I'm concerned about storing the credit card
> information for use on the review page. The customer can also go back
> to any part of the checkout and change information as needed, so I
> need to store this information until they finally click the "pay"
> button.
>
> I am using database session storage with a cron job to clear out the
> old sessions but I'm worried about the credit card info being
> available until the session store is cleared out.
>
> Shall I just ask for the credit card details on the review page? What
> would be safest?
>
> Many thanks,
> Jordan

> The safest thing to do is just ask for the details on the review page so
> that you never have to store them. Alternatively, you could use
> TrustCommerce as a CC processor, since they have a feature (Citadel) where
> they will store the CC info for you. It's particularly handy for recurring
> billing.

Yes, I'm going to do that. It's just not worth the hassles otherwise.

> Remember, too, to use filter_parameter_logging to keep the sensitive info
> from showing up in your logs.

Thanks for the name, I was planning on using this but couldn't remember the name :)

Cheers,
Jordan
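
Added example, not part of the original thread and not Rails source code: a stand-alone Ruby sketch of the key-name masking that the filter_parameter_logging advice above relies on, run over a constructed checkout request. The field names, filter words and sample values are assumptions; the point it shows is that masking goes by parameter name, so the word list has to cover every field the payment form actually posts.

```ruby
FILTERED = "[FILTERED]"

# Build one case-insensitive pattern from the filter words (hypothetical helper).
def filter_pattern(words)
  Regexp.new(words.map { |w| Regexp.escape(w.to_s) }.join("|"), Regexp::IGNORECASE)
end

# Return a copy of params in which every value whose key name contains one of
# the filter words is masked. Nested hashes and arrays are walked; the input
# is not modified.
def filter_params(params, words, pattern = filter_pattern(words))
  return params if words.empty?
  case params
  when Hash
    params.each_with_object({}) do |(key, value), out|
      out[key] = key.to_s.match?(pattern) ? FILTERED : filter_params(value, words, pattern)
    end
  when Array
    params.map { |value| filter_params(value, words, pattern) }
  else
    params
  end
end

# What would end up in the request log for these params and filter words.
def log_line(params, words)
  "Parameters: #{filter_params(params, words).inspect}"
end

# Constructed sample request: 4111111111111111 is a widely used test number.
SAMPLE_PARAMS = {
  "order"   => { "id" => "1001", "email" => "customer@example.com" },
  "payment" => {
    "card_number" => "4111111111111111",
    "card_cvv"    => "987",
    "expiry"      => "03/09",
    "cc"          => "4111111111111111" # same value under a differently named field
  }
}

# Filter words that miss the "cc" field still let the number reach the log.
puts log_line(SAMPLE_PARAMS, %w[card cvv])
# Adding the missing name masks it.
puts log_line(SAMPLE_PARAMS, %w[card cvv cc])
```

Checking the rendered log line for a known test card number, as the last two calls do, is a quick way to confirm the filter list matches the form's real field names.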