Save client info for next checkouts, but without having to store card number? (Using API)


0

Apologies in advance if the question is not very clear, but I will try to clarify as best as possible:

I’m developing a relatively simple e-commerce site with HTML, CSS, JS, Bootstrap, PHP, Apache, and MySQL.

I plan to use a payment API such as Pagseguro (preferable) or Mercadopago. The simpler to implement, the better. I accept new suggestions.

The problem is, I want customers to be able to check out without registration, or create an account to expedite the process next time, but I don’t want to store sensitive information like bank details or card numbers in my database, as I believe I would have to do if I were to use the transparent checkout of either of the above-mentioned APIs (please correct me if I don’t know of any other options or have misunderstood).

I could use the lightbox or the redirect/iframe checkout (which is what I prefer and wanted to use for security), but the problem is that then the same registered user would have to re-enter all the information and the registration would be a virtually useless function.

I know it may sound indecisive, but I need to know how to offer practicality without having to store sensitive information in my own database.

Thanks for your help.

1 answer

0

Since you do not want to keep confidential information of your customers on your SQL server, you can use Cookies to do so.

If you don’t know what Cookies are: [Briefly] Cookies are data saved when accessing a website. Not all websites use cookies, and not all cookies have to be "important", so to speak. In your case, they are!

You can use PHP for this; you just need to know what to save, how long to keep it, and how to identify it. See:

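<?php
// Customer data to remember between visits
$valor = array(
    "nome" => "Maicon",
    "sobrenome" => "Ferreira",
    "cidade" => "Cuiabá"
);

// setcookie() only accepts a string value, so the array is serialized as JSON.
// The expiry is a Unix timestamp: here, one hour from now.
setcookie("MeuCookie", json_encode($valor), time()+3600);

?>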
  • Thank you for your reply. I know what cookies are, but they do not work for me, not so much because of the lack of security (which is also the reason I do not want to keep confidential data in the DB) as because I need to keep a customer record, and cookies can be cleared and are tied to the machine. I do not want to identify the computer that buys, but rather the user account, and to use the registration information on the next purchase, except for bank details. I wish I could just provide a user ID to the API and let it handle that itself.

  • No, something like this is not possible! Either you store the information on the client side or on the server side. All methods are unsafe, but these are the only means of storing information to identify a person/machine. Cookies may be unsafe, but that will be the user’s responsibility, not yours! In the DB, on the other hand, it is both yours and theirs. NOTE: As you may know, Chrome can store some form information to be filled in next time. To streamline the process, you can also use a redirect with PHP for checkout!
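
The answer above keeps customer fields in a cookie, which the browser can read and edit freely. As an added example (not part of the original answer or comments), the PHP below restricts the cookie to an allow-list of non-payment fields, signs it with an HMAC so the server can reject altered values, and sets the Secure, HttpOnly and SameSite flags; the cookie name `checkout_profile`, the `cartao` field and the key handling are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; the cookie name, field list and key handling are assumptions.
const ALLOWED_FIELDS = ['nome', 'sobrenome', 'cidade']; // never card or bank data

// Keep only allow-listed fields; return "base64(json).hex(hmac)".
function pack_profile(array $profile, string $key): string
{
    $clean = array_intersect_key($profile, array_flip(ALLOWED_FIELDS));
    $payload = base64_encode(json_encode($clean, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the stored fields, or null when the value is malformed or was altered.
function unpack_profile(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Verify the MAC before decoding; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? array_intersect_key($data, array_flip(ALLOWED_FIELDS)) : null;
}

// Send the signed value with the flags that limit exposure in the browser.
function send_profile_cookie(array $profile, string $key): void
{
    setcookie('checkout_profile', pack_profile($profile, $key), [
        'expires'  => time() + 3600,
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Constructed sample data: 'cartao' stands in for a card number and is dropped.
$key = random_bytes(32); // a real site loads one fixed secret kept outside the web root
$cookie = pack_profile(['nome' => 'Maicon', 'cidade' => 'Cuiabá', 'cartao' => '0000000000000000'], $key);
var_dump(unpack_profile($cookie, $key));        // intact value
var_dump(unpack_profile('A' . $cookie, $key));  // altered value
```

The HMAC only detects modification: the cookie contents stay readable by the client and remain tied to one browser, as the first comment points out.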
