Forum: Ruby on Rails Credit card best practice

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- and Ruby-related community platforms.
Jordan Elver (jordelver)
on 2007-03-09 12:17
(Received via mailing list)
Hi,
I need to handle credit cards and would like some advice. I won't be storing any credit card details for future payments but instead requiring the customer to enter their payment details each time they make a purchase. However, I'm worried about the temporary storage of the details whilst checking out.

My checkout asks for the payment details (credit card etc) and then goes to the review page before they click a final button to make the actual payment. I'm concerned about storing the credit card information for use on the review page. The customer can also go back to any part of the checkout and change information as needed, so I need to store this information until they finally click the "pay" button.

I am using database session storage with a cron job to clear out the old sessions but I'm worried about the credit card info being available until the session store is cleared out.

Shall I just ask for the credit card details on the review page? What would be safest?

Many thanks,
Jordan
Benjamin Curtis (Guest)
on 2007-03-09 15:24
(Received via mailing list)
The safest thing to do is just ask for the details on the review page
so that you never have to store them.  Alternatively, you could use
TrustCommerce as a CC processor, since they have a feature (Citadel)
where they will store the CC info for you.  It's particularly handy
for recurring billing.

Remember, too, to use filter_parameter_logging to keep the sensitive
info from showing up in your logs.

--
Building an e-commerce site with Rails?
http://agilewebdevelopment.com/rails-ecommerce

Meet up at RailsConf:
http://railsconf2007.conferencemeetup.com/
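
The `filter_parameter_logging` advice above, as an added example that is not part of the original posts and not Rails' own code: a stand-alone Ruby sketch of key-based masking of request parameters before they are logged, plus a Luhn check that a finished log line holds no card-number-like digit run. The field names, patterns and sample request are constructed assumptions.

```ruby
# Added illustration, not Rails' implementation. In a Rails app of this era
# the equivalent declaration in ApplicationController would be:
#   filter_parameter_logging :card_number, :cvv
FILTERED = "[FILTERED]"

# Hypothetical field-name patterns for a checkout form (assumption).
SENSITIVE_KEYS = [/card_number/i, /cvv/i, /expir/i].freeze

# Return a copy of params that is safe to log: any value whose key matches
# a sensitive pattern is replaced, at every nesting level.
def filter_for_log(params, patterns = SENSITIVE_KEYS)
  case params
  when Hash
    params.each_with_object({}) do |(key, value), out|
      hit = patterns.any? { |p| p.match?(key.to_s) }
      out[key] = hit ? FILTERED : filter_for_log(value, patterns)
    end
  when Array
    params.map { |item| filter_for_log(item, patterns) }
  else
    params
  end
end

# Last-resort check on a finished log line: true if it contains a run of
# 13-19 digits (spaces or dashes allowed) that passes the Luhn checksum.
def pan_like?(line)
  line.scan(/\b\d(?:[ -]?\d){12,18}\b/).any? do |candidate|
    digits = candidate.delete("^0-9").chars.map(&:to_i).reverse
    total = digits.each_with_index.map do |d, i|
      doubled = d * 2
      i.odd? ? (doubled > 9 ? doubled - 9 : doubled) : d
    end.sum
    (total % 10).zero?
  end
end

# Constructed sample request; 4111 1111 1111 1111 is a well-known test number.
SAMPLE = {
  "order" => { "id" => "42", "items" => [{ "sku" => "A1", "qty" => "2" }] },
  "payment" => { "card_number" => "4111 1111 1111 1111", "cvv" => "123",
                 "expiry_month" => "09", "name_on_card" => "J Example" }
}.freeze

puts "Parameters: #{filter_for_log(SAMPLE).inspect}"
```

Key-based masking only covers fields whose names match the patterns, which is why the second function scans the finished line for anything that still looks like a card number.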
Jordan Elver (jordelver)
on 2007-03-11 20:13
(Received via mailing list)
> The safest thing to do is just ask for the details on the review page so
> that you never have to store them.  Alternatively, you could use
> TrustCommerce as a CC processor, since they have a feature (Citadel) where
> they will store the CC info for you.  It's particularly handy for recurring
> billing.

Yes, I'm going to do that. It's just not worth the hassles otherwise.

> Remember, too, to use filter_parameter_logging to keep the sensitive info
> from showing up in your logs.

Thanks for the name, I was planning on using this but couldn't
remember the name :)

Cheers,
Jordan