More information about the Underscore mailing list

[_] storing credit card details (AKA can of worms)

Rick Hurst rick.hurst at
Mon Dec 1 16:55:46 GMT 2008

For a project I have been asked to quote on there is a requirement to
store credit card details (BTW this isn't the same thing as the
recurring billing I was on about the other day - in that instance no
credit card details are only stored with paypal on their servers).

In this instance trade customers need to be able to store their
details and keep them on file to purchase of stock. I know this is a
can of worms and have no intention of storing details on my own
server, as my professional indemnity insurance wouldn't cover me. So I
have a few questions:-

1. Are there any payment gateways that allow this set up i.e. they
store the details and you can use an api to make transactions against
a card (for varying amounts and on demand, rather than recurring

2. How do people become accredited to store credit card details on
their own server - presumably a security audit is required? Has anyone
done it and, other than your own time how much did it cost? And any
ongoing fees?


Rick Hurst, Web developer, Bristol, England