Hello,
I would like to ask, is it safe to store client card information in a database?
Does Wix have protection in place for this kind of data?
Hi,
Storing credit card details is a particularly delicate issue, which is also governed by very strict laws.
Wix collections, although they are safe, are not compliant with all of these rules, and are therefore not a good place to store CC details.
In any case, you should probably use some special service for that, with an API.
Thanks for the answer! Yeah, different countries have different laws. I was interested in how secure it is. Thanks for clearing that up!
Here’s a more official answer:
Our ToU state the following:
"You are not allowed to …
phish, collect, upload, or otherwise make available credit card information or other forms of financial data used for collecting payments, unless done in accordance with any applicable law, including, with the PCI DSS standard when applicable; "
No user will be able to access the specific dataset, only the admin, so that he can change the monthly charge on the card. So that is not allowed either?
Hi Maria,
You can store the amount you charge from the user, but not the credit card details. We would strongly recommend you consider 3rd party tools that are PCI compliant (e.g. PayPal Vault).
Is it possible to make my site PCI compliant so that I can use the database for this purpose?
You can use third party form builders and gateway tools that have the ability to CAPTURE and securely store users' card data in a PCI compliant manner. You can literally buy yourself a billing gateway and customer payment portal for like $50 a month. It has relieved me of any worries as everything that touches billing data is highly PCI compliant and I do not try to store anything in plain text anywhere. Just a very bad idea. All you really need is one complaint that results in an investigation that finds you even remotely negligent of violating PCI guidelines and requirements and that is perhaps the end of your ability in your person and business name to easily open gateway and payment accounts in the future or perhaps increase your rates significantly as the industry will then mark you as a high risk vendor.
By all accounts, highly secure and PCI compliant environments are themselves making big headlines when they are hacked. You not only can get in trouble with the industry, you can outright be sued out of existence if the customer finds your name and this forum post and later finds out you were warned and knew you were not abiding by best security practices and did it anyway. That would become wanton disregard of others' information and safety.
Just look at the big names that get in trouble and steer the F away from whatever you were thinking unless you find the right reputable tools to do so. There are tools that do this very nicely.
Old post reappearing, closed post.