Ok, so given your current app design, I would still recommend that you
avoid having to store card data. With a processing service, you would
pass the CC details to create a recurring payment transaction, receiving
back a TranID and AuthToken. You store these values in your recurring
payments table, and when it is time to collect, send up a settlement
request for $x.xx, referencing the stored TranID and Token. Your
processor will then issue a pre-auth for $x.xx, followed immediately by
a funds transfer for said amount. You continue to use the same TranID
and token details until the card expires, or the customer stops
recurring payments.
-Eric
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of tim
Sent: Wednesday, December 08, 2010 3:51 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: credit card number stored issue
I will give you a little more background on what I am trying to do.
This is our current process:
1. Get CC info over phone
2. Key CC into green screen and authenticate using Java App
3. Show user confirmation or declined message
The CC info is not stored on your system.
The new requirement is to set up a recurring payment process. I will
need to store the CC info in order to do this. I will have a night job
that runs to process any additional CC transactions.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of DeLong, Eric
Sent: Wednesday, December 08, 2010 3:02 PM
To: Midrange Systems Technical Discussion
Subject: RE: credit card number stored issue
Just pitching this over the fence, but you might want to google "credit
card tokenization" and consider this approach from the very start...
PCI security can make you miserable if you start down the wrong path.
Tokenization relieves you of many of the most stringent PCI
requirements, but may not be appropriate for your application. Depends
mostly on how you plan to use this credit card data. You didn't say
what sort of application you are dealing with, but in many cases, you
might select a third-party solution that keeps you completely out of
the credit card storage and transmission game. I have had good results
with CyberSource.com, but there are many providers that might fit your
needs.
Hth,
-Eric DeLong
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of David Gibbs
Sent: Wednesday, December 08, 2010 12:55 PM
To: Midrange Systems Technical Discussion
Subject: Re: credit card number stored issue
tim wrote:
I am interested in the "best" way to store credit card numbers on my
iseries. I'm not sure of compliance issues.
There are very specific rules regarding storage & processing of credit
card numbers on a system.
Check out
https://www.pcisecuritystandards.org/ for more information.
david
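
The tokenized recurring-payment flow described in the first message of this thread, as an added sketch that is not code from the thread or from any processor. MockProcessor, its method names, the table layout and the test card number are all assumptions made up for illustration; the point is that the local table holds only the TranID, token, amount and expiry, never the card number.

```python
import secrets
import sqlite3

class MockProcessor:
    """Stand-in for the processing service (hypothetical API, not a real one)."""
    def __init__(self):
        self._vault = {}    # card data lives only on the processor side
        self.settled = []   # (tran_id, amount_cents) for each funds transfer

    def create_recurring(self, pan):
        tran_id = f"TRAN{len(self._vault) + 1:06d}"
        token = secrets.token_hex(16)          # opaque, not derived from the PAN
        self._vault[(tran_id, token)] = pan
        return tran_id, token

    def settle(self, tran_id, token, amount_cents):
        if (tran_id, token) not in self._vault:
            return "DECLINED"
        self.settled.append((tran_id, amount_cents))  # pre-auth + transfer
        return "APPROVED"

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE recurring_payments (
        customer TEXT, tran_id TEXT, auth_token TEXT, amount_cents INTEGER,
        exp_year INTEGER, exp_month INTEGER, active INTEGER DEFAULT 1)""")
    return db

def enroll(db, proc, customer, pan, exp_year, exp_month, amount_cents):
    # The PAN goes straight to the processor and is never written locally.
    tran_id, token = proc.create_recurring(pan)
    db.execute("INSERT INTO recurring_payments VALUES (?,?,?,?,?,?,1)",
               (customer, tran_id, token, amount_cents, exp_year, exp_month))

def nightly_job(db, proc, today):
    """Settle every active recurring payment; deactivate rows whose card expired."""
    results = {}
    rows = db.execute("""SELECT customer, tran_id, auth_token, amount_cents,
        exp_year, exp_month FROM recurring_payments WHERE active = 1""").fetchall()
    for cust, tran_id, token, cents, year, month in rows:
        if (year, month) < (today.year, today.month):
            # Card expired: stop collecting until the customer re-enrolls.
            db.execute("UPDATE recurring_payments SET active = 0 "
                       "WHERE tran_id = ?", (tran_id,))
            results[cust] = "EXPIRED"
        else:
            results[cust] = proc.settle(tran_id, token, cents)
    return results
```
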