We regularly receive requests to help with Formidable Forms projects where the requirements include storing either credit card or ACH details in the WordPress database. While we love working on any Formidable Forms projects for our clients, we believe it's incumbent upon us to educate and inform you of the risks and potential liabilities involved with doing so.
Because of regulatory compliance requirements, we strongly recommend that you do not store these data elements in your website's database. The legal liability that accompanies doing so can be significant. We recommend using a third-party, PCI-compliant payment processor instead.
However, if you can't avoid it, the data elements you are permitted to save should at least be encrypted, so that if a breach occurs, the thieves won't be able to view the data in plain text.
In this article, we'll explain:
What is PCI/ACH
Strong Cryptography
Formidable Pro Credit Card Field
Encrypt/decrypt Data
Use with Formidable Forms
Final Thoughts