bigpotato

Reputation: 27527

Rails + Sessions: Safe to store partial credit card info in session?

I am working on a checkout and I want it so that on the "order summary" page, the user will see their credit card info like Card Number: ************1111, Expiration Date: 12/15. I'm not saving the credit card info since that's against standards, so I'm thinking I could save the last 4 digits of the user's credit card info + the expiration date in my session when the user inputs it on the billing information page so that on the "order summary" page it'll show.

Is this against e-commerce standards?

Upvotes: 1

Views: 177

Answers (1)

Phlip

Reputation: 5343

Do it. You are allowed to print "Card Number: ******1111" on a piece of paper, and that's permanent and leakable. Hence you are allowed to store only those 4 characters in your database, and print them at need.

The expiration date, however, IS sensitive (because it participates in authorization), so lose it.

(2 years working with payment gateways experience here...)

Upvotes: 3
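An added example, not part of either post above: one way to follow the answer's advice in Ruby, keeping only the last four digits for the session and dropping the expiration date and CVV. The module name, the param keys (`:number`, `:cvv`, `:exp_month`, `:exp_year`) and the session keys are assumptions made for illustration.

```ruby
# Added example: keep only the last four card digits for the session.
module CardSummary
  PAN_RUN = /\d{12,19}/ # a digit run long enough to be a full card number

  # Build the only card data that goes into the session from the billing
  # form params (hypothetical keys :number, :cvv, :exp_month, :exp_year).
  # The expiration date and CVV are never copied into the result.
  def self.for_session(billing_params)
    digits = billing_params.fetch(:number).to_s.gsub(/[\s-]/, "")
    unless digits.match?(/\A\d{12,19}\z/)
      raise ArgumentError, "card number must be 12-19 digits"
    end
    { "card_last4" => digits[-4, 4], "card_length" => digits.length }
  end

  # Text for the order summary page, e.g. "************1111".
  def self.masked(summary)
    "*" * (summary.fetch("card_length") - 4) + summary.fetch("card_last4")
  end

  # Guard to run before writing the session: true if any value still
  # contains a full card number (spaces and dashes ignored).
  def self.leaks_pan?(session_hash)
    session_hash.values.any? { |v| v.to_s.gsub(/[\s-]/, "").match?(PAN_RUN) }
  end
end

# Constructed sample input (a widely used test card number, not real data).
SAMPLE_PARAMS = { number: "4111 1111 1111 1111", cvv: "123",
                  exp_month: "12", exp_year: "15" }.freeze

if __FILE__ == $PROGRAM_NAME
  summary = CardSummary.for_session(SAMPLE_PARAMS)
  puts CardSummary.masked(summary)
  puts CardSummary.leaks_pan?(summary)
end
```

In a Rails controller the hash returned by `for_session` is what would be assigned into `session`, and the summary view would render `masked`.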
