Hello, i'm new here. I'm a developer and run my own web development and design company. Hello everyone . I hope i have the right forum for this, i had a look around and this seemed to be the most fitting.
I have recently agreed to perform research into the feasibility of a very large website for a client. To cut to the chase in order for it do what the client requires i believe it will need to store customer payment details on the website, such as card details or bank account numbers. Firstly i was very skeptical and now after reading up a lot of information i have come to the conclusion this should not be done. Despite this, if the site was to be hosted on a dedicated server with an SSL certificate and a database that stored this information with encryption, would it be possible and worth creating it from a security and legal point of view? I'm still very skeptical.
Now this next bit may sound a bit weird but i'm afraid the clients idea is to remain secret. Just bear with it. Now the reason i believe storing the payment information on our own server is the only way to achieve what they want is that; this information, only at the clients request, will be entered on different websites and a monthly direct debit will be set up from the clients account to the other sites. The amount, what company etc will all be at the clients discretion we will just streamline the signup process.
Is there a third party system that already exists that could take the clients payment details, store them securely, then allow access to them in order for us to sign them up to other sites?
Is this legal? Should this be done?
I'm very skeptical about this and sure lot's of people will have some strong opinions, so please share.