Credit card encryption

[itomic]

G'day.

 

Would I be correct in saying that, for the purpose of repeat billing, there is a facility within WHMCS that encypts credit card details of our clients on our server?

 

If so, could I have a little more insight into the method used? I'm not looking for a technical blueprint that would allow me or someone else to hack the encrypted credit details on any server running WHMCS! I ask because, as well as web site hosters, we're (primarily) a website development company, and the issue of repeat billing and (therefore) credit card encryption on our hosting servers is becoming increasingly to the fore. In other words, we have clients who'd like repeat billing facility built into their web-based applications, and we're very interested in learning a little more about the best or recommended ways to achieve this.

 

If not (there is no cc encryption facility within WHMCS) then how does WHMCS manage repeat billing?

 

Thanks v. much for any insights you can share with us.

[s1rk3ls]

I'm not sure on the exact method WHMCS uses, but basically they store an encrypted form of the credit card details in a database. There is a hash that is randomly generated (or you could make up your own I suppose) which can be used to decrypt the data when needed.

 

The rest of the security is up to the customer - secure the database with a strong password, only allow connections from the local server, don't use a shared server if possible, any scripts which contain the password to the database (and the hash required to decrypt the data) should also have strong user names/passwords on their accounts. And any web-based interaction with the data should be SSL encrypted.