Storing credit card details on a mysql database
I am currently working with a client, whose previous host permitted them to take credit card details (via SSL), and then store them on a mysql database.
Having done some freelance work for the client- namely a OSCommerce installation, the client has now requested I do the same.
The client's previous host has told them storing details on a mysql database is secure. When I say mysql database, I'm talking about the servers a lot of us use- for example - one from servermatrix ev1 etc.
Forgive me if I am way off the ball, but this is:
a) Completely unsecure - considering the data being stored, unless this host is storing the details Worldpay / 2checkout style behind firewalls and strict security audits
b) Actually illegal.
I may even show this post to my client, as I feel this is quite a serious issue. I am certainly not comfortable with this, because as far as I am aware, storing credit cards on a web server contrevened both points a & b.
Thanks in advance.
