Storing Credit Card Numbers in SESSION - ways around it?

Question

I am well aware of PCI Compliance so don\'t need an earful about storing CC numbers (and especially CVV nums) within our company database during checkout process.

Howev

Answer 1

This is what a database is for. I'm not sure about the legal ramifications here (which vary based on country and region), but one approach would be to encrypt the CC number and store it in the database as soon as you receive it from the user. You may want to store the last 4 digits in a separate field so that you can show it to the user when required. When you need to interact with the card processor on the server, retrieve and decrypt the card number from your database.