Re: Creditcard Number Security was Re: Encrypted column

Guy Fraser wrote:
On Tue, 2007-06-05 at 16:51 -0400, Andrew Sullivan wrote:
Yes.  I agree, in principle, that "don't store them" is the best
advice -- this is standard _Translucent Databases_ advice, too.  For
the least-stealable data is the data you don't have.

But if there is a business case, you have to do the trade off.  And
security is always a tradeoff (to quote Schneier); just do it well.
(Someone else's advice about hiring a security expert to audit this
sort of design is really a good idea.)

Have you thought about setting up an account with PayPal, and having
people pay through PayPal?

Let PayPal deal with the security, and credit card info, after all it's
what they do.

at the day job, when we switched from paypal (who we found very
undependable) to authorize.net, we were very pleased to discover that
authorize.net would take care of the credit card numbers for us, so we
didn't have to try to secure them beyond the usual requirements while
the numbers are in transit.

i would definitely recommend outsourcing for this if at all possible.

richard


