PHP Credit Card

How hard is it to use?

Once it’s installed, PHP Credit Card can be used to process credit cards by anyone that can use a computer.

It takes a basic level of php knowledge to install PHP Credit Card. We also have an installation service to get you up and running if you need help.

How secure is PHP Credit Card?

Very secure. Hundreds of hours of security research and testing has gone into PHP Credit Card to make it as secure as possible. The method it uses – RSA Encryption and splitting up the public and private key, is the only secure way for a small site to store credit card numbers.

Why is it necessary to use a windows application to decrypt the credit card details?

Encryption is only as secure as it’s private key. By storing the private key locally, hackers aren’t able to get to it to decrypt the sensitive information.

Most ecommerce carts will store the public and private key on the web server. This is extremely unsecure because if the server gets hacked, the hacker has the key. It’s like locking your door but putting the key on the mat.

A windows application is the best way to maintain maximum security whilst still being easy to use.

Why are there no other scripts that do this?

There are not any scripts to accept credit cards because it is a bad idea and a security risk to store both your public key and private key in the same location. PHP Credit Card gets around this by storing your private key on your local computer… making the whole system of storing credit cards a lot more secure.

Where can I get an SSL certificate?

SSL certificates can be purchased from www.GoDaddy.com for a very reasonable price.

Does PHP Credit Card store the CVV?

No! Storing a CVV is illegal and doing so will get your merchant account disabled. We thought that providing a script that breaks the law would be irresponsible. If you need CVV data, you need a payment gateway.

Are you sure it’s secure? Surely the local machine will have to be running some kind of security?

The credit card details are encrypted when they are sent to the local machine and are decrypted by the app, so it isn’t vulnerable to man in the middle attacks.

The only vulnerability is if the local machine has been comprimised in some way, and because of that we recommend that people have anti virus software and a firewall running.

It’s much much more secure than having the public and private key in the same place.

Can you accept AMEX with php credit card?

No