[thelist] how secure to store credit cards
Erik Mattheis
gozz at gozz.com
Mon Jan 7 02:04:27 CST 2002
>http://evolt.org/article/Credit_Card_E_Primer/18/12694/
Huh, I did a couple searches for articles on evolt and didn't find
that. Lots of good info ... particularly this idea:
"Many sites eliminate the problem by stripping the last 6 characters
from the stored number and emailing those characters and the order
number to the merchant who must then match the numbers up when they
download the orders."
So ... for someone to get the whole number, they'd have to be
watching traffic at the time of the order and get access to the
database.
From reading that article, it seems like you can pretty much do
whatever you want and hope nothing bad comes of it ... that just
astounds me!
>but, that begs the question, what do you do with the
>credit card numbers until you process them? which also begs the question,
>why do you need to store the credit card numbers to begin with?
This is going to be for orders of products that need to be shipped,
and to my understanding it's illegal to charge a card for a purchase
before the order has shipped. So my task is to find a way to keep the
card number until the order has shipped.
--
__________________________________________
- Erik Mattheis
(612) 377 2272
http://goZz.com/
__________________________________________
More information about the thelist
mailing list