I'm starting up a (well, trying to) business on a student government grant this summer doing web design/hosting. I was hoping to set up an 'online billing center' but nothing really fits my needs, as an automated recurring bill through someone like PayPal only allows a set amount, and I would be performing maintenance, updates, etc., which would mean each client has their own unique (slightly varied) fee each month. My possible solution is:
This would all be using a 128 SSL connection:
Have a central billing panel which I alone can access. There would be a profile of each client where I can add a set fee whenever I do an update, etc or if they order an additional feature. It would then store the data in a payment table in my database. It would look something like this:
id, hosting_fee, mantainance_fee, additional_fee, applicable_tax_1(0 or 1 value), applicable_tax_2(0 or 1 value), applicable_tax_3(0 or 1 value)
So when I add a half hour for maintenance the mantainance_fee table would be set to 7.50. When I did a full hour, it would select mantainance_fee from the database and then add it to 15.00 and put it back into mantainance_fee (22.50). That would happen for all the applicable fees, and a dynamic invoice would be available for the client. PHP would add together all the fees and then applicable taxes/currency conversion (as specified in the database).
In the client's billing center panel there would be two CC payment options. The first would be to pay themselves via CC by the normal form post method that my eMERCHANT gateway provides (SSL128 connection to them, they take the $_POST values and process the order based on them), with the dynamic invoice calculating the amount due into the form.
The second option, and this is where it gets iffy, would be to have an 'automatic payment' option whereby the name, credit card number, expiry date, etc. is actually stored somewhere in the database. Then, via my billing panel, at the end of the billing cycle (as determined by the date function) the same form as before would be presented to myself, except the customer information would all be filled out through the database (and be un-editable). So it wouldn't be truly automatically paid, but as far as the customer would be concerned it would be.
Is it entirely stupid to store credit card information in the database when using SSL 128? I mean, isn't that the same technology the big boys use? Is there another option anyone can think of? Thanks
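
The fee accumulation and dynamic invoice described in the post, as an added example that is not part of the original post. It keeps the post's column names but assumes amounts stored as integer cents, an in-memory SQLite database, and made-up tax rates; `addFee` and `invoiceTotal` are hypothetical helper names. The increment is done in one `UPDATE` rather than a select followed by a write, so two billing-panel requests cannot overwrite each other's addition.

```php
<?php
// Added example: constructed schema and data, not the poster's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Columns follow the post; amounts are integer cents (assumption).
$db->exec('CREATE TABLE payment (id INTEGER PRIMARY KEY,
    hosting_fee INTEGER DEFAULT 0, mantainance_fee INTEGER DEFAULT 0,
    additional_fee INTEGER DEFAULT 0, applicable_tax_1 INTEGER DEFAULT 0,
    applicable_tax_2 INTEGER DEFAULT 0, applicable_tax_3 INTEGER DEFAULT 0)');
$db->exec('INSERT INTO payment (id, hosting_fee, applicable_tax_1) VALUES (1, 1000, 1)');

// Hypothetical helper: add to one fee column in a single atomic UPDATE.
function addFee(PDO $db, int $clientId, string $column, int $cents): void
{
    // Column names cannot be bound as parameters, so allow-list them.
    $allowed = ['hosting_fee', 'mantainance_fee', 'additional_fee'];
    if (!in_array($column, $allowed, true) || $cents <= 0) {
        throw new InvalidArgumentException('bad fee column or amount');
    }
    $stmt = $db->prepare("UPDATE payment SET $column = $column + :c WHERE id = :id");
    $stmt->execute([':c' => $cents, ':id' => $clientId]);
    if ($stmt->rowCount() !== 1) {
        throw new RuntimeException('unknown client id');
    }
}

// Hypothetical helper: invoice total in cents; $rates are basis points per tax flag.
function invoiceTotal(PDO $db, int $clientId, array $rates): int
{
    $stmt = $db->prepare('SELECT * FROM payment WHERE id = :id');
    $stmt->execute([':id' => $clientId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new RuntimeException('unknown client id');
    }
    $subtotal = $row['hosting_fee'] + $row['mantainance_fee'] + $row['additional_fee'];
    $tax = 0;
    foreach ($rates as $n => $bp) {
        if ((int) $row["applicable_tax_$n"] === 1) {
            $tax += intdiv($subtotal * $bp + 5000, 10000); // round half up
        }
    }
    return $subtotal + $tax;
}

addFee($db, 1, 'mantainance_fee', 750);   // half hour
addFee($db, 1, 'mantainance_fee', 1500);  // full hour, added to the running sum
// Constructed rates: tax 1 = 5.00%, tax 2 = 7.00%, tax 3 = 0%.
echo invoiceTotal($db, 1, [1 => 500, 2 => 700, 3 => 0]), "\n";
```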