Transfer and storage of CVV2, CARDHOLDER for hotel reservations?

P

Prosto2012-12-11 16:56:37

PHP

Prosto, 2012-12-11 16:56:37

How to organize the acceptance of bank card details for booking a hotel on the website? (#, cardholder, valid thru, cvv2)
The hotel can use this data to charge for accommodation. It is necessary to receive and store (for some time, up to a month) this data from the site for pre-authorization.
How to do it as safely as possible, so that later there would be no problems either for me or for the hotel?
If I wasn't deformed at the hotel, then booking.com sends them this data by fax(!) in clear text!
Need an ssl certificate? How to get it? Which one is easier to get? How to encrypt? Store in mysql?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

I

isden, 2012-12-11
@Prosto

In general, there is such a thing as PCI DSS. If the place where they accept credit card data is not certified, you can have big problems.
Look, for example, here - www.braintreepayments.com/assets/308/PCI-Compliance.pdf

I

Igor, 2012-12-11
@shanker

Need an ssl certificate? How to get it? Which one is easier to get? How to encrypt? Store in mysql?

Definitely needed! So that customers are not afraid to indicate such sensitive information on your site. This was discussed in the article Six ways to win the trust of your customers
How to choose? But on Habré a couple of articles on the topic:
Digital SSL certificates. Varieties, how to choose?
How to choose an SSL certificate
As for choosing a cipher, I can't help, alas. The question requires a specialist in this field to choose the most optimal one for a specific task. I can estimate that you shouldn’t choose too cryptographically strong ciphers - it’s not such a task that you spend a lot of resources on this. It is possible to choose some kind of streaming. Are you going to write a site in PHP or what? For writing to mysql, I recommend thinking about using stored procedures. It's safer than out in the open