If the user is connecting with ONLY one bank, then see if that bank will let you send them the encrypted SSN and they can decrypt it on their end using whatever they have.
Then all you have to do is one-way hash it, and they can do the comparison on their end.

-----Original Message-----
From: ColdFusion Developer [mailto:cfdev...@gmail.com]
Sent: Monday, May 11, 2009 7:19 PM
To: cf-talk
Subject: Storing SSN ... I know, I know

What's a best practice for securely storing a social security number?

I've talked myself blue trying to talk my client out of doing this, but the bank he's working with for this project absolutely, positively cannot process his transactions without the SSNs of our users (most of the businesses they work with are payroll companies with secure internal data storage, not a public-facing site like his will be).

What would you all recommend as a process/method for storing this info in the most secure way possible? Most of what I've read just says "encrypt/decrypt it in the database and you're fine" -- but I'm not so sure that's the best course.

Thanks in advance!

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:322423
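
An added example, not part of the thread or either poster's code: the one-way-hash comparison suggested in the reply, sketched in Python. Because a nine-digit SSN has only 10^9 possible values, the sketch uses a keyed hash (HMAC-SHA256) rather than a bare digest. The shared key, the function names and the sample SSN are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed values: the key stands in for a secret agreed with the bank
# out of band, and the SSN uses the never-issued 000 area number.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SAMPLE_SSN = "000-12-3456"


def normalize_ssn(raw: str) -> str:
    """Strip separators so '000-12-3456' and '000 12 3456' hash identically."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"[0-9]{9}", digits):
        raise ValueError("SSN must contain exactly nine digits")
    return digits


def plain_digest(raw: str) -> str:
    """Unkeyed SHA-256. Anyone holding this value can recompute the digest
    for every nine-digit candidate, so it protects the SSN very little."""
    return hashlib.sha256(normalize_ssn(raw).encode("ascii")).hexdigest()


def keyed_digest(raw: str, key: bytes = SHARED_KEY) -> str:
    """HMAC-SHA256. Recomputing it requires the key as well as the SSN."""
    msg = normalize_ssn(raw).encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def bank_matches(received: str, ssn_on_file: str, key: bytes = SHARED_KEY) -> bool:
    """Bank side: recompute from its own record, compare in constant time."""
    return hmac.compare_digest(received, keyed_digest(ssn_on_file, key))


if __name__ == "__main__":
    sent = keyed_digest(SAMPLE_SSN)            # what the site would transmit
    print(bank_matches(sent, "000 12 3456"))   # same SSN, different formatting
    print(bank_matches(sent, "000-12-3457"))   # different SSN
```

The key has to live outside the database that holds the digests (for example in a separate secrets store); otherwise a database leak exposes both and the keyed digest is no stronger than the plain one.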