[thelist] how secure to store credit cards

[Erik Mattheis]

Looking on input on what security measures should be taken before I'd 
want to store credit card numbers in a DB on a webserver.

Ideally, the best solution would be the client getting a list of 
orders and keying in the transaction on the grey box they already 
have. What are thoughts on encrypting the card numbers with CF's 
Encrypt() and accessing them through SSL where the key has to be 
given ... they key would have to be stored somewhere on the webserver 
of course ... which bothers me ... ideas?

Is there a service where the entire transaction could appear to the 
visitor to occur on the server, but the credit card is not billed 
until later (ie, the order is shipped)? The way the store looks is 
really important, so something like Payflow Link isn't an option - 
have to have complete control over all the HTML.

-- 

__________________________________________
- Erik Mattheis

(612) 377 2272
http://goZz.com/

__________________________________________