[dsoppelsa]

Hi Everyone,

I am working on an ordering system web app for a client. Their current system is clunky and not meeting their needs. The system DOES NOT PROCESS payments, it simply builds and stores the order information and notifies the client of the order. The processing of payment is done manually in office.

For first time customers though, they are asked to enter their credit card information. This information is stored in the database until it is retrieved by an office staff member who transfers it to their inter-office, non web-based database for billing.

I have made the suggestion and had it relayed to the client that they simply contact the first time customer via telephone to acquire the credit card number initially. They are insistent that this is not an option.

For me, the request to store the credit card info is a deal-breaker and I would like to refuse the project (security concerns, PCI compliance, liability). As always though, my employer is asking me to "just make it work". I am looking for some advice here, something to help strengthen my argument to my employer and the client. Is there a such thing as a third party service that will simply store credit card information for you and handle PCI Compliance issues, allowing you to retrieve that info at a later time (presumably by supplying an encryption key)??

Any help here would be greatly appreciated.

[modi123_1]

Let me get this right - so your customers just want to store the credit card information on your systems and not do actual cc processing?

Then there's this:
http://blog.pcifree....-pci-compliant/