Data (as in the credit card numbers) will always be most secure if it's not
saved anywhere.  But that means that, every time a return customer wants to
place another order, she has to retype the credit card info.

A lot of online shops, including the big players like Amazon, don't actually
process your credit card on the website while you wait.  Notice how Amazon
sends you an email when you place the order and another one to let you know
that your order has been approved.  I don't have any inside info as to how
Amazon actually handles their data, but I wouldn't be surprised if the
*COMPLETE* credit card data is stored offsite and only summary info (last 4
digits of credit card number, expiration date) is stored onsite.  This
provides a significant amount of security while also allowing convenience.

Another thing that online shops are starting to do is to require that the
CVV2 code be entered for all transactions.  This is a 3-4 digit number that
is printed on your card and helps to authenticate the full credit card
number.  All of the shops using CVV2 that I've heard of require that you
enter it every time.  Again, a trade-off in security and convenience.  This
is more secure than the above but actually requires that I have the credit
card on hand (or memorize the CVV2).

--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
Email: [EMAIL PROTECTED]
WWW: http://www.evoch.com/


> -----Original Message-----
> From: Tim Laureska [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 18, 2003 3:47 AM
> To: CF-Talk
> Subject: RE: Storing Credit Card Info
>
>
> I'm about to embark on processing CC transactions for the first time as
> well ... Isn't it best to not record the CC information in a database at
> all if possible... just transmit the CC info securely as possible to a
> processor (ex. Authorize.net) ?
>
> I know some sites (ex. Amazon etc.) do maintain this info though in a DB
> for frequent buyers ...
>
> Are there any advantages that make it imperative to keep this info in a
> db?
>
> Tim
>
> -----Original Message-----
> From: Sicular, Alexander [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 18, 2003 12:39 AM
> To: CF-Talk
> Subject: RE: Storing Credit Card Info
>
> Isaac,
> I think this book has been recommended here before...
>
> 'Translucent Databases' by Peter Wayner.
>
> It deals with all sorts of database/encryption issues.
>
> Gl,
> alex
>
> -----Original Message-----
> From: Issac Rosa [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 17, 2003 7:02 PM
> To: CF-Talk
> Subject: Storing Credit Card Info
>
>
> My client has a need to store credit card.  What's the best, cost
> effective, most secure way of doing this?  Is it just better to capture
> the information in the db and then download to a local db, and keep off
> the server?  I'm curious to know what others are doing in this
> situation.  Currently, the application and db (MySQL) are on a shared
> server.
>
>
>
> Thanks,
>
> Issac
>
>
>
>
> 
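
The split described in the reply at the top of this thread (complete card data held offsite, only the last 4 digits and expiration date onsite, CVV2 supplied with every order and never kept), as an added Python sketch that is not part of the original thread. `forward` is a hypothetical stand-in for the processor or offsite store, and the record field names and the demo card number (a constructed test value) are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class OnsiteCardRecord:
    """Summary info kept in the web-facing database (field names assumed)."""
    customer_id: str
    last4: str
    expiry: str       # MM/YY
    offsite_ref: str  # opaque reference returned by the offsite store

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: catches typos before anything is sent offsite."""
    digits = [int(d) for d in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

def place_order(customer_id, pan, expiry, cvv2, forward):
    """Send full card data offsite; return only what may be stored onsite.

    `forward` is a hypothetical callable standing in for the processor or
    offsite store. It receives the full number and CVV2 and returns an
    opaque reference string.
    """
    pan = re.sub(r"[ -]", "", pan)
    if not (re.fullmatch(r"[0-9]{13,19}", pan) and luhn_ok(pan)):
        raise ValueError("card number failed validation")
    if not re.fullmatch(r"(0[1-9]|1[0-2])/[0-9]{2}", expiry):
        raise ValueError("expiry must be MM/YY")
    if not re.fullmatch(r"[0-9]{3,4}", cvv2):
        raise ValueError("CVV2 is required on every order (3-4 digits)")
    ref = forward(pan=pan, expiry=expiry, cvv2=cvv2)
    # The full number and CVV2 go out of scope here; neither is a record field.
    return OnsiteCardRecord(customer_id, pan[-4:], expiry, ref)

def leaks_full_number(record: OnsiteCardRecord, pan: str) -> bool:
    """True if any stored field contains the complete card number."""
    return any(pan in str(v) for v in vars(record).values())

if __name__ == "__main__":
    # Constructed demo: well-known test card number, fake offsite store.
    fake_store = lambda **card: "ref-0001"
    rec = place_order("cust-42", "4111 1111 1111 1111", "09/27", "123", fake_store)
    print(rec, "leak:", leaks_full_number(rec, "4111111111111111"))
```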