Re: Storing Credit Cards, Passwords, Securely, two-way encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 5 Jan 2006, John Meyer wrote:

Peter Beckman wrote:
So I'm thinking about how to save credit card numbers in the DB, for
re-charging cards for subscriptions, new orders, etc.

Why, is the first question I would ask you.

So I'm thinking about how to save credit card numbers in the DB, for
re-charging cards for subscriptions, new orders, etc.

 Think one-click.  Why did Amazon patent one-click?  Impulse buys -- the "I
 want that, now" factor.  If you make 13 steps and 12 input boxes, the
 Impulse will probably pass, and you've lost your sale.

 Besides, the user can choose if they want you to save their card info.

First off, on a new order, why wouldn't you just save the authorization
code, instead of the credit card number?  That would be a lot easier.

 Sure.  But see my above point.  I want to be able to re-charge it later
 when the user wants to.

Secondly, you're opening yourself up to a _ton_ of lawsuits should anything go awry. Unless I had a _real_ good reason for storing their cc number, I wouldn't, despite the extra step.

 Yes yes, lawsuits, scary, etc.  I was looking for technical solutions,
 i.e. maybe someone knows how USPS.com or Amazon.com or GoDaddy.com (do
 they?) does it.  Or if it is all security via obscurity.

 Best solution yet:

    Public key encryption, with additional either secret word padding or
    using the users account password to pad/encrypt the card number
    (preventing a brute force attack, even if access to the DB is given).

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman@xxxxxxxxxxxxx                             http://www.purplecow.com/
---------------------------------------------------------------------------

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux