Credit card numbers in html5 localStorage
Question
What if I stored encrypted credit card info in the browser's localstorage? When the user visits the site again, the credit card field is prepopulated by Javascript. The form itself points directly to a payment processor, so credit card info is never transmitted to my server.
Of course, my site and the payment processor's site are accessed via https.
Is this PCI compliant? Is this a bad way to do things?
3 answers
solution1
2 2011-09-08 16:44:38
I am not certain that falls under the pci-dss regulations. Storing customer data in potentially hackable files is the big concern.
solution2
1 2011-09-02 02:07:59
不确定PCI合规性,但您也可以将信用卡信息存储在仅HTTPS的cookie中 。
solution3
1 ACCPTED 2011-09-09 16:17:28
Since the card # would essentially be stored on the client's machine, then (with my interpretation of pci-dss) you have no way to restrict or monitor access to that data even though its encrypted. Sounds to me to be non-compliant.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.