
Web Site Design, Usability, SEO & Marketing Discussion and Support


Credit Card Law

I own a web development company. In the past clients wanted credit card processing, which was simple enough: SSL and a merchant account and we were off and running. But now I have a client who needs to store credit card information (previously nothing was stored). I have read a great deal on how to do this, but I have been unable to find the legal implications of doing this. Does anyone know of a reliable resource on credit card storage law?


Great forum, thanks!


John Glynn


Here is some basic info for starters:


Protecting Personal Information in Third Party Hands: An Overview of Legal Requirements

Margaret P. Eisenhauer

6 January 2006


RSS White Paper on Enterprise Identity Theft


The Gramm-Leach-Bliley Act


California Privacy Legislation

AB 1950 in particular


Realize that the laws are still somewhat vague, but however vague, they essentially require you to make an effort to protect stored personal information. If you do not take reasonable measures to protect the data you collect and store, you could be held liable based upon implied fiduciary responsibility.


And that is not just your client, but you the vendor as well. :)


IMHO, the basic steps are at minimum: Make sure the database is secure, passwords are controlled and changed regularly and the cc nums are encrypted inside the table.



Edited by Jozian




Thank you for the thorough response, more detail than I was expecting or getting anywhere else. I will read through the links you have sent me. Thank you again.


