I read a bit about PCI Data Security Standard and it doesn't seem to be a big deal. This article summarizes it: http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=cc.secure
The standard doesn't even ask that you encrypt stored values - just the transmission of values (SSL) It really defines minimums. Baz -----Original Message----- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: Friday, January 13, 2006 10:05 AM To: CF-Talk Subject: RE: Encrypt CC number and store in DB Just ensure you are 100% compliant with the PCI Data Security Standard, or you can pay the consequence. -----Original Message----- From: Baz [mailto:[EMAIL PROTECTED] Sent: 13 January 2006 15:11 To: CF-Talk Subject: RE: Encrypt CC number and store in DB Those are good points bobby, but I'm sure you could think of at least 1 valid scenario where CC numbers are required for later charging... What about using a CC number to see if that CC has enough funds and then doing the charging it later? Or better yet, what if you have customers who purchase very frequently? They DEMAND to have their number stored instead of typing it in each time. These are already 2 valid cases. Baz -----Original Message----- From: Bobby Hartsfield [mailto:[EMAIL PROTECTED] Sent: Friday, January 13, 2006 9:23 AM To: CF-Talk Subject: RE: Encrypt CC number and store in DB Do you actually get people to give you their credit card information without them even knowing: a) how much they are going to be charged b) whether or not you charge them more for shipping because of where they live c) if what they WANT to order is even in stock? If so, you must have one user friendly, warm and fuzzy feeling generating site to make people feel that comfortable. (is it basket basics dot com?) Why would any of that information (in stock, shipping cost, shipping location, etc..., and a FINAL price) not be obtainable BEFORE getting the credit card number? If any of it IS unobtainable without a Credit Card number, it sounds like a flawed system to me. ....:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com -----Original Message----- From: Stephens, Larry V [mailto:[EMAIL PROTECTED] Sent: Friday, January 13, 2006 8:44 AM To: CF-Talk Subject: RE: Encrypt CC number and store in DB The best way is DO NOT DO IT. No I'm not just being sarcastic....but there should be no reason to do this [snip] Except - we don't know the final cost until the items purchased are packaged and postage/freight is figured. (And we make sure the items are actually in stock and not on order, etc.) The configuration (i.e., number of boxes) can vary a great deal depending on what is ordered (some things will pack inside others, etc.) and, of course, the actual charge depends on where you are shipping it (and keeping up with UPS and USPS shipping tables is no trivial matter). Larry Stephens [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229460 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
