If you’ve developed an application, you’ve probably run into a situation where you needed to charge a user’s credit card after the initial purchase. Maybe you were implementing recurring billing, or creating a stored value account and wanted to be able to reload the account when the balance got low. If you just stored the credit card in your database, you’re not alone. Quite a few developers do this.
It’s a really bad idea!
Bryan Johnson of Braintree has written a series of blog posts about PCI compliance and risk. He is also the CEO of a payment gateway that makes getting the credit card numbers out of your application incredibly easy. Recently, we submitted a patch to Active Merchant that supports the Braintree gateway. Besides just processing transactions, this gateway also allows you to store customer information in their secure vault. How easy is it?
```ruby
@options[:store] = true
response = @gateway.purchase(@amount, @creditcard, @options)
@billing_id = response.params["customer_vault_id"]
```
Is that easy enough for you? From now on, when you want to charge that credit card, you can simply do:
@billing_id is just a simple integer. You can easily store it in your database in place of the credit card number. With the customer_vault_id, you can perform any transaction you could with a credit card. Recurring billing just got amazingly easy!
But wait, there’s more! Let’s say you wanted to take checks over the internet. Jeremy Voorhis submitted a patch to do just that! Now you can take e-checks with the same ease as credit cards.
So what are you waiting for? Get those credit cards out of your database!
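One way to confirm that nothing was left behind after switching to vault IDs is to scan the stored billing values for anything that still looks like a card number. This is an added example, not code from the original post or from Active Merchant; the record layout, the `billing_ref` field name and the sample rows are constructed assumptions.

```ruby
# Added example: audit stored billing references for leftover card numbers.
# The record layout and :billing_ref field are assumptions; rows are constructed.

# Luhn checksum, the check-digit scheme used by payment card numbers.
def luhn_valid?(digits)
  sum = digits.reverse.chars.each_with_index.map do |ch, i|
    d = ch.to_i
    d *= 2 if i.odd?          # double every second digit from the right
    d > 9 ? d - 9 : d
  end.sum
  (sum % 10).zero?
end

# True when a value looks like a primary account number: 13-19 digits
# (spaces and dashes tolerated) that also pass the Luhn check.
def looks_like_pan?(value)
  digits = value.to_s.gsub(/[\s-]/, "")
  return false unless digits.match?(/\A\d{13,19}\z/)
  luhn_valid?(digits)
end

# Returns the ids of records whose billing reference still holds a card number.
def records_with_pan(records)
  records.select { |r| looks_like_pan?(r[:billing_ref]) }.map { |r| r[:id] }
end

SAMPLE_RECORDS = [
  { id: 1, billing_ref: "1482093" },              # constructed vault id (plain integer)
  { id: 2, billing_ref: "4111111111111111" },     # well-known test card number
  { id: 3, billing_ref: "4111-1111-1111-1111" },  # same number, formatted
  { id: 4, billing_ref: "4111111111111112" },     # 16 digits but fails Luhn
  { id: 5, billing_ref: nil }                     # never billed
].freeze

if __FILE__ == $PROGRAM_NAME
  flagged = records_with_pan(SAMPLE_RECORDS)
  puts "records still holding a card number: #{flagged.inspect}"
end
```

A Luhn scan is a heuristic: run it over logs, backups and any free-text columns as well, and review hits by hand before deleting anything.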