cancel
Showing results for 
Search instead for 
Did you mean: 

Not sure about payments safety

Hello,
I want to allow users to add cards to my DB. It will help to prevent double typing card's data.
I know it's not safe to store card's data, so I want to create user's profile and paymentProfile according to this:
https://github.com/AuthorizeNet/sample-code-php/blob/master/CustomerProfiles/create-customer-profile...
So I will store at my DB only profile ID and PaymentProfile ID.
When user will buy something, we will allow him to use existing card and not add another one, according to this:
https://github.com/AuthorizeNet/sample-code-php/blob/master/PaymentTransactions/charge-customer-prof...

On the frontend I will create html POST form with fields of card's data. On the backend I will send it to Authorize and take back PaymentProfile ID and profile ID and save these IDs to my DB, not card's data.

The question is: Is it will be safe, and is it good descision?

serg1992a
Member
1 REPLY 1

 

Yes using  customer profiles to enable merchants to tokenize and store sensitive customer payment information on our secure servers, which simplifies PCI DSS compliance as well as the payments process for returning customers and recurring transactions.

 

Are you looking for PCI compliant  solution ? check out our Accept Customer solution for it .

 

Authorize.Net Accept Customer is a fully hosted solution for payment information capture which allows developers to leverage our Customer Profiles API while still maintaining SAQ-A level PCI compliance. Our forms are mobile-optimized and designed to reduce friction in your consumer experience.

 

https://developer.authorize.net/api/reference/features/customer_profiles.html#Using_the_Accept_Custo...





Send feedback at developer_feedback@authorize.net
Anurag
Moderator Moderator
Moderator