>Yes Maureen - I know this. What "we" are asking is - What if the customer
>DOESN'T WANT TO USE THOSE - What if they want you to store the credit card
>anyway... regardless of compliance. (Compliance isn't law...) What if that
>is your option?

Actually, there *are* states that have made compliance a law. Only a few so far, but we can expect more to follow. Also, by getting a merchant account, you are basically entering a contract with the merchant bank and agreeing to follow their rules. So if you are breached, you can be liable for severe fines which would easily hold up in court, just as any contract would. You really want to be careful as a developer agreeing to do something for a client that could lead to serious financial harm for them.

>Matt's original question wasn't what are other methods - but what is the
>best choice for encrypting the data. (And what is required for compliance.)

One of the primary things you have to do if you plan to store credit card data is to be up on the requirements for encryption. You not only have to encrypt the data, you have to use a multi-level encryption (key encryption key) which has to be stored separately from the rest of the data. It's not something you can handle at the ColdFusion or database level alone, and it's pretty darned expensive as well. You have to have a dedicated web server, and a separate server for the database. There are over 200 requirements that you have to fulfill to meet the PCI compliance regulations for storing card data, that cover all kinds of things from your building and computer access to wireless security, etc. It's really well beyond the scope of any small merchant to deal with, and really silly to even consider as a way to save money versus paying for a gateway.

---
Mary Jo

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:330923