According to Authorize.Net:
The Authorize.Net Customer Information Manager (CIM) allows merchants to create customer profiles that are stored on Authorize.Net's secure servers. By providing quick access to stored customer information, CIM is ideal for businesses that:
- Process recurring transactions where the date and/or amount is different each month (e.g. utility companies).
- Process usage charges - where you only bill when the service is used. (e.g. pay-as-you-go cell phones).
- Are concerned with PCI compliance.
- Want to provide returning customers with the convenience of not having to re-enter personal data.
One common piece of functionality CIM developers wish to implement is a reminder feature that notifies users that their credit card is about to expire and they should update it with their website. A common question asked by developers is, "How do I do this without having PCI compliance issues since it involves storing the expiration date on my website"? The answer is actually very simple:
Store the notification date instead of the expiration date!
PCI compliance covers the security of credit card information and is applied if a merchant chooses to store the expiration date of a customer. However, if you store the date you wish to begin notifying the customer that their credit card is about to expire you won't have to worry about PCI compliance as it doesn't cover non-credit card related information. If you use a standard period of time to begin the notifications, like one month before the card expires, determining exactly when the credit card expires is as simple as a little bit of math.
Example in PHP
$expiration_month = (int) $_POST['exp_month'];
$expiration_year = (int) $_POST['exp_year'];
$one_month_before expirarion = date("Y-m-d", strtotime($expiration_year . '-' . $expiration_month . '-01 - 1 month'));
This example is very simple thanks to PHP's large built in library of functions. We begin by receiving the submitted expiration month and year of the credit card. We then use PHP's built in strtotime() function to do some date math for us. We provide it with the expiration date, being sure to add the days to it so it is a valid date, and then tell the strtotime() function to subtract one month from it. We then use the date() function to convert the unix timestamp returned by strtotime() into a MySQL friendly format. Now we have the date one month before the credit card is set to expire and can store it for later retrieval, probably by a cron job, that will notify the customer that it is time to update their credit card information on file.
There you have it. An easy solution to a common problem!
