[thelist] how secure to store credit cards
Erik Mattheis
gozz at gozz.com
Sun Jan 6 21:11:43 CST 2002
Looking on input on what security measures should be taken before I'd
want to store credit card numbers in a DB on a webserver.
Ideally, the best solution would be the client getting a list of
orders and keying in the transaction on the grey box they already
have. What are thoughts on encrypting the card numbers with CF's
Encrypt() and accessing them through SSL where the key has to be
given ... they key would have to be stored somewhere on the webserver
of course ... which bothers me ... ideas?
Is there a service where the entire transaction could appear to the
visitor to occur on the server, but the credit card is not billed
until later (ie, the order is shipped)? The way the store looks is
really important, so something like Payflow Link isn't an option -
have to have complete control over all the HTML.
--
__________________________________________
- Erik Mattheis
(612) 377 2272
http://goZz.com/
__________________________________________
More information about the thelist
mailing list