[thelist] Developing secure sites and waiving liability

Keith cache at dowebscentral.com
Tue Jul 16 11:52:01 CDT 2002


At 09:33 AM Monday 7/15/2002, Judah wrote:


>When the CC comes in, store only part of the information on the server.
>Store the visitor's basic information (unique identifier, basic
>billing info perhaps) and the first 12 digits of the credit card in a
>file that is stored outside of the web root.
>
>Email off the unique identifier, basic billing info, last 4 digits of
>the CC and expiration date to the person who will do the billing.
>
>Create a secure page, lock down to a particular IP address, and require
>a username/password.  Use this page to do a lookup of the info stored on
>the server based off of the unique identifier/billing info combination
>that was emailed off.
>
>Once the report has been generated, wipe the info off of the server.
>Run a periodic process that checks to see how long it's been since the CC
>info was gathered off the server.  Send emails, make phone calls, etc. to
>make the end user get online and retrieve the information.

This scenario has been discussed numerous times on thelist and many people
here use it successfully, myself included. There are three points I'd like
to add:

1) do not just email the last 4 digits, email at least 5 or more. The
reason: the last 4 digits are not random numbers presenting 10,000
possible matches, they are generated from the first 12 digits with an
algorithm. Some 12 digit combinations have less than 100 possible 4 digit
matches. If someone gets ahold of the first 12 characters they might be
within 100 tries of finding a match by using the algorithm. The algorithm
for generating the last 4 characters is well known and available on the
web. People who pioneered this split storage concept email the last 6
digits. I also email only a unique transaction number and the 6 digits.

2) Andy wants to download a complete CSV for the client. The way I do that
is have an SSL/login page which lists the unique transaction numbers still
on the server with a corresponding input field for entering the 6 digits.
When this is submitted you gather the matching transactions from the
database, add the 6 digits to the 12, and generate the download on the fly,
returning a page with the transactions checked off for removal from the
database.

3) Andy is not shipping goods so this may not apply. When I generate the
billing download I also generate a second shipping document download file
that does not include the CC info and can be used for order fulfillment. If
you're familiar with Perl's printer formats this file can be printed
directly with page breaks etc. for pick lists and packing lists. Likewise,
if the end user is using software to authorize the credit card a download
formatted for direct import into that software is a good idea.

There are a number of remotely hosted shopping carts online that have used
this dual storage concept for over 5 years without incident in spite of the
fact that they store e-sales data for thousands of websites daily.


Keith
====================
cache at dowebscentral.com
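The split-storage flow from Judah's description and Keith's points 2 and 3, written out as an added illustration (my own example, not code from either poster or from thelist). It assumes the server keeps every digit except the last 6 and the billing person is mailed only the transaction number, those 6 digits and the expiry (the post's "12 + 6" is not explicit about overlap, so the halves here do not overlap); an in-memory dict stands in for the file kept outside the web root; the public Luhn checksum is used purely to catch a mistyped tail on the login page; and the card numbers are standard test numbers used as constructed sample input.

```python
from __future__ import annotations

import csv
import io

# The post recommends mailing at least 5 digits; Keith mails 6.
MAILED_DIGITS = 6


def luhn_valid(number: str) -> bool:
    """Luhn check-digit test (the public card-number checksum).

    Used here only to catch a mistyped tail before the recombined
    number goes into the billing download.
    """
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def split_card(pan: str) -> tuple[str, str]:
    """Split a card number into the server-side head and the mailed tail.

    Assumption: the two halves do not overlap.
    """
    digits = "".join(c for c in pan if c.isdigit())
    return digits[:-MAILED_DIGITS], digits[-MAILED_DIGITS:]


class SplitStore:
    """Server-side half of the scheme. An in-memory dict stands in for
    the file the post keeps outside the web root."""

    def __init__(self) -> None:
        self._records: dict[str, dict] = {}

    def add_order(self, txn: str, pan: str, order: dict) -> dict:
        """Store the head with the order details; return what is e-mailed
        to the billing person (transaction number, tail and expiry only)."""
        head, tail = split_card(pan)
        self._records[txn] = {"pan_head": head, **order}
        return {"txn": txn, "pan_tail": tail, "exp": order["exp"]}

    def pending(self) -> list[str]:
        """Transaction numbers still holding card data (listed on the SSL page)."""
        return sorted(self._records)

    def build_downloads(self, submitted: dict[str, str]):
        """Recombine head + tail for each transaction the operator typed a
        tail for. Returns (billing_csv, shipping_csv, ready, rejected):
        'ready' may be purged, 'rejected' (unknown txn, wrong length or
        failed Luhn check) stays on the server for another attempt."""
        billing, shipping = io.StringIO(), io.StringIO()
        bw, sw = csv.writer(billing), csv.writer(shipping)
        bw.writerow(["txn", "name", "card_number", "exp", "amount"])
        sw.writerow(["txn", "name", "address", "items"])  # no card data at all
        ready, rejected = [], []
        for txn, tail in submitted.items():
            rec = self._records.get(txn)
            if rec is None or len(tail) != MAILED_DIGITS:
                rejected.append(txn)
                continue
            pan = rec["pan_head"] + tail
            if not luhn_valid(pan):
                rejected.append(txn)
                continue
            bw.writerow([txn, rec["name"], pan, rec["exp"], rec["amount"]])
            sw.writerow([txn, rec["name"], rec["address"], rec["items"]])
            ready.append(txn)
        return billing.getvalue(), shipping.getvalue(), ready, rejected

    def purge(self, txns: list[str]) -> int:
        """Wipe the card data for downloaded transactions; return how many remain."""
        for txn in txns:
            self._records.pop(txn, None)
        return len(self._records)


if __name__ == "__main__":
    store = SplitStore()
    # Constructed sample order using a standard test card number.
    mail = store.add_order(
        "T1001", "4111 1111 1111 1111",
        {"name": "A. Buyer", "address": "1 Main St", "items": "2x widget",
         "exp": "12/04", "amount": "19.90"},
    )
    print("e-mail to billing:", mail)
    bill, ship, ready, rejected = store.build_downloads({"T1001": mail["pan_tail"]})
    print(bill)
    print(ship)
    print("records left holding card data:", store.purge(ready))
```

A wrong tail typed on the page leaves the record in place rather than producing a download with a bad number, and the shipping file never sees the card number, which is the point of generating it as a separate document.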