Collecting Credit Card Information - not to collect payment

Question

I am working in PHP on a Linux server with MySQL.

I have a requirement (that I have attempted to talk them out of) to collect credit card information from users so tha

Answer 1

This is very insecure and I think you're correct for opposing it. That said...

Some ideas:

• Can the hotel give you a rate/group code that you can disseminate to your users directly? Perhaps you could even give them a link that goes right to the hotel's reservation page, with the code already filled in.

• Don't even think about implementing this unless you can do it on an SSL-enabled site.

• Don't save the CC number anywhere, just generate the email and toss the number out. This alleviates you from having to worry about a ton of very difficult application / server security issues.

• Encrypt the email with GPG or equivalent so that it's protected in transit and can only be read by the intended recipient.