in reply to
Encrypting Credit card numbers
Don't Encrypt, Don't Store
If you go with a credit card processor like Verisign or Authorize.Net, you can just reference a previous authorization and tell them to re-bill the customer.
The process works like this:
- Collect payment information.
- Authorize the payment through your gateway (Verisign, Authorize.net, etc).
- Get your authorization number.
- Store the authorization number.
- (Time passes, then it's time to re-bill)
- "Hey credit card company - charge the customer referenced by authorization # XYZ in the amount of $Y.YY"