Re: [PHP] Re: Storing CCN's Again...

Yeah, Richard's got it exactly right.  Companies like Amazon NEED to have a million precautions in place because it's not just the possible money lost to their customers, but the excessive amounts of BUSINESS lost (and trust in Amazon as a reliable and secure financial institution).  One incident of the credit card info leaking out can cost Amazon literally millions, even if it's only one CCN and it never gets used fraudulently.   Hell, just the RUMOR of it happening can cost them way too much.

But yes.. no system is unbeatable.  If you can't get directly to the CCNs, you can possibly get to them further 'upstream' after they've been decoded.  Or, more common than electronic hacking, is for someone within the organization to take sensitive financial statements without having to do any hacking, just betraying the trust of their employers.  The human is always the weakest link in any security scheme anyway.

I wouldn't recommend anyone other than a highly trained professional (or someone who's going to hire a professional to audit the system after it's built) to attempt to do something like store credit card numbers.

The idea behind security in this instance is to make the effort not worth the payoff.  Some hackers do things for the challenge and bragging rights, but chances are, someone who's after CCNs is going to be selling them or using them.  So unless they're totally stupid or just bored and want a challenge, they're going to be thinking about a couple of things:

1. What's the financial payoff for succeeding (either in selling the CCNs or using them personally.. in either case it could be for the credit or for identity theft of another kind)

2. What's the risk and possible penalties for getting caught.


If the payoff is greater than the risk (in their mind), then it's worth it.   If they can steal a couple thousand CCNs with one COPY command and spend 2 weeks, a month, whatever offline running a brute force cracking program that will get them ALL the CCNs, then it's worth it.  If you're using suitably strong enough encryption then it could take them nearly forever to get the info, but it's still not foolproof.

PGP, for example, produces very strongly encrypted data.  But if someone has your private key and a public key that's used to decrypt the data, then all they have to do is run a brute force crack on the PGP passphrase used to decrypt it.  They're not attacking the data and its encryption, they're attacking the passphrase.

If you can decrypt the data, someone else can too... with the right tools and keys and time.

Hell, you don't even need to get to the CCN data if someone can get in and pose as a legitimate user and order products from your site using the stored CCNs.  That might limit what they can buy, but it's still someone using a CCN that's not theirs.

Too much liability for my tastes.  I'd purchase a pre-made, hopefully secure, and guaranteed CCN management package or service.

People get real twitchy about money and bosses get real twitchy about their employees creating stuff that can bring down the company due to lawsuits and liability.  C. Y. A.  :)

-TG


= = = Original message = = =

daniel@xxxxxxxxxxxxxxxx wrote:
>> Amazon store Credit Card Number in their databases. Are we saying that
>> someone could hack into their database server and steal the numbers?

YES!

Wasn't PayPal widely publicized as a victim of such an event?

Why would you think Amazon would be any better/safer?

No system is unbeatable.

So somebody *could* break in.

You can be damn sure they work really hard to avoid that.

>> Or
>>  have Amazon gone far enough to protect their data?

How far is "far enough"?

> I suppose they use a similar tactic as I have, and have a two way
> encryption method.

I suppose they do a LOT more than that.

They might, just as an example, have a network setup like this:

         Seg 1                Seg 2                       Seg 3
Internet <---> Public Servers <---> CC Processing Servers <---> CC Storage Servers

Where Seg 1 and Seg 2 and Seg 3 are all on:
  Completely different sub-networks
  Completely different network cards
  Completely different routers, hubs, switches
  Completely different color-coded network cables
  .
  .
  .

And, of course, they use two-way encryption of the data that *IS* on the
CC Servers, so while the secret decoder ring is on the CC Processing
Server, you'd have to break into CC Processing, get the ring, break into
CC Storage, and then apply the ring from CC Processing to the data in CC
Storage.  Is this starting to sound like an Adventure Game or what?

They then severely restrict the source code and network access that can
work with Seg 3, with an EXTREMELY limited API, internally documented,
security audited, clean-room access, armed guards on all hardware setup,
etc.

Instead of breaking into CC Storage with your secret decoder ring from CC
Processing, you can maybe find a flaw in the API of Seg 3, and sniff out
encrypted data to apply the ring, or even catch it after they decrypted
it.

The point is, you have to work much harder at it because of the segmented
architecture.

By adding an additional layer between the CC Processing and the CC
Storage, they reduce risk significantly.

All the CC machines (Processing and Storage) are in the armed guard locked
storage room for physical access to be severely curtailed.  Duh.

But the CC Storage machines have an additional layer of software/network
blocks with severely limited software/network access to the CC Storage
area.

I'm not claiming they *DO* have this, but I'll bet whatever they do have,
it's at least that complicated, if not more so.

Or, even more likely, Amazon doesn't store the number!  They let the BANK
that provides their CC processing services store the numbers.  So then the
BANK has this kind of setup.  Whatever.

This is just a description of what was explained to me on this very same
list several years ago as *ONE* industry-standard way to store CC Numbers
for later retrieval.

I'm not an expert, and may easily have left out some (okay a lot) of
crucial details.

If you're storing CC Numbers with *JUST* the 2-way encryption, maybe
you're doing it wrong.  I dunno for sure, but *I* think so.  Go hire a
professional security audit and find out.

YMMV IANAL NAIAA

-- 
Like Music?
http://l-i-e.com/artists.htm
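An added illustration of the Seg 2 / Seg 3 split Richard describes (my own Go code, not from anyone on this list): the processing tier alone holds the AES-GCM key, the storage tier holds only ciphertext under opaque tokens, and a copy of the storage rows without the key yields nothing. The `StorageTier` and `ProcessingTier` types and the in-memory map are assumptions standing in for two separately hosted machines.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
)

// StorageTier models Seg 3: token -> ciphertext rows and no key material at all.
type StorageTier struct{ rows map[string][]byte }

func (s *StorageTier) Put(token string, blob []byte) { s.rows[token] = blob }
func (s *StorageTier) Get(token string) ([]byte, bool) { b, ok := s.rows[token]; return b, ok }

// ProcessingTier models Seg 2: it alone holds the AES-GCM key (the "decoder ring").
type ProcessingTier struct{ aead cipher.AEAD }

func NewProcessingTier(key []byte) (*ProcessingTier, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes long
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return &ProcessingTier{aead: aead}, nil
}

// Store encrypts the card number and hands Seg 3 only nonce||ciphertext under a
// random token; the token is bound as associated data so rows cannot be swapped.
func (p *ProcessingTier) Store(st *StorageTier, pan string) (string, error) {
	buf := make([]byte, 16+p.aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	token, nonce := hex.EncodeToString(buf[:16]), buf[16:]
	st.Put(token, p.aead.Seal(nonce, nonce, []byte(pan), []byte(token)))
	return token, nil
}

// Retrieve is the only path back to plaintext; a wrong key, a tampered blob or a
// blob moved under another token all fail GCM authentication.
func (p *ProcessingTier) Retrieve(st *StorageTier, token string) (string, error) {
	blob, ok := st.Get(token)
	ns := p.aead.NonceSize()
	if !ok || len(blob) < ns {
		return "", errors.New("no usable row for token")
	}
	pan, err := p.aead.Open(nil, blob[:ns], blob[ns:], []byte(token))
	return string(pan), err
}
```

In a real deployment the key would come from an HSM or key service on the processing host and the two tiers would talk over the restricted API the post describes, not a shared map.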




-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

