[thelist] how secure to store credit cards

Erik Mattheis gozz at gozz.com
Mon Jan 7 02:04:27 CST 2002


>http://evolt.org/article/Credit_Card_E_Primer/18/12694/

Huh, I did a couple searches for articles on evolt and didn't find 
that. Lots of good info ... particularly this idea:

"Many sites eliminate the problem by stripping the last 6 characters 
from the stored number and emailing those characters and the order 
number to the merchant who must then match the numbers up when they 
download the orders."

So ... for someone to get the whole number, they'd have to be 
watching traffic at the time of the order and get access to the 
database.

 From reading that article, it seems like you can pretty much do 
whatever you want and hope nothing bad comes of it ... that just 
astounds me!

>but, that begs the question, what do you do with the
>credit card numbers until you process them?  which also begs the question,
>why do you need to store the credit card numbers to begin with?

This is going to be for orders of products that need to be shipped, 
and to my understanding it's illegal to charge a card for a purchase 
before the order has shipped. So my task is to find a way to keep the 
card number until the order has shipped.
-- 

__________________________________________
- Erik Mattheis

(612) 377 2272
http://goZz.com/

__________________________________________




More information about the thelist mailing list