Brandon Thompson wrote: > Wow....I was hoping someone would respond with a little balance to that > reactionary doomsday speech. Don't get me wrong...those are some very > valid > points that need to be considered, but my gosh... I'd rather frighten away somebody from storing CCs insecurely than blithely stand by while they risk a small fortune and the [client's] customers for all time. > The key-pair idea is very good. I've done systems in the past for clients > that work in a similar fashion. Why? What reason is there for doing this instead of just letting the credit card vendor store the credit card numbers and setting up a recurring charge? Convince me it's a valid reason, and I'll talk welcome more discussion about how to do it securely. Otherwise, I remain the doom-sayer: DON'T DO IT > There are multiple layers of security with two main aspects: > 1. The technical implemenation and complexity of the system > 2. The responsibility/priveledges granted to users/admins > > You can come up with the most complex, technical "secret key" solution > around (aspect #1)....but if you entrust that secret key to the wrong > person > (aspect #2), it's all for nothing. NO! It's not about who you trust: It's about who can BREAK IN and gain access to the trusted user/admin area. Or the physical devices and bypass your security completely. I trusted my client completely and implicitly. I did NOT trust every single employee, customer, or visitor who could wander into his office, co-location space, etc. If you do *NOT* have documented processes in place for how you will keep out the Bad Guys to every link of the processing chain, software and hardware, where the credit card number will exist, however briefly, then you have no business storing credit card numbers. > In the end...it's about common sense. It's FAR less dangerous to > implement > what you are suggesting than it is to simply pay for your dinner with a > credit card. Which is FAR less dangerous than Christmas shopping with a credit card. That doesn't make it safe. Playing with M-80s is FAR less dangerous than playing with dynamite, which is FAR less dangerous than playing with nitroglycerine. NONE of them are "safe" and if you don't follow established procedures and policies, it's just plain stupid to do it. > One thing I agree with Richard wholeheartedly on is his "Hi, I'm about to > perform brain surgery. Which scalpel should I use?" anology. If the > technicaly aspects of implementing a system like this escape you...then > please learn how to do it in theory first. Don't "learn on the job" with > something as precious as your credit rating. It was clear, to me at least, that the original poster did NOT have a good grasp on some rather large issues. More importantly, NOTHING posted indicated a true need to store credit card numbers. So, to simplify: If you don't NEED to store credit card numbers, if you can find ANY way to *NOT* store credit card numbers, then you will save a TON of money by not storing them, because storing them comes with a very very very large price tag in development, maintenance, auditing, and ongoing physical security of all hardware involved. If you absolutely HAVE to store credit card numbers, be prepared to shell out tens of thousands on an annual basis to keep them safe. If that's too expensive, then you're not ready to store credit card numbers. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php