<cf_cya>
I would strongly recommend against storing credit card numbers anywhere.
1. potential for thousands, if not millions, in dollars of liability
2. if the site's customers find out, they will likely go somewhere else
(I do when I know a site stores my card #)
3. performance - CF's encryption is too weak - you'd need to use
something third-party which would probably be a load increase
4. see #1
5. see #4
6. see #5
</cf_cya>
However, if you just HAVE to keep your users from reentering their card #
every time, look at some third party solutions. Microsoft's comes to mind.
(Okay ppl - let's pretend like we're mature and not turn this into another
pathetic "why Microsoft is bad thread" - I'm just pointing out a potential
technology) I don't know how much faith I have in other company's security
infrastructures, but I'd be willing to bet that it's far better than
anything that I could ever hope to build.
----- Original Message -----
From: "Don Vawter" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, November 16, 2001 1:46 PM
Subject: Best practices storing CC
> Any advice on storing credit card info?
>
>
> My thoughts are that it should be stored in a separate db which is not
> accessible via web
> and have cf push the info to a template behind the firewall to do the
actual
> authorization and push the results back to the main server. Does this make
> sense or am I making it too complicated (or leaving something obvious
out).
>
> What are recommendatsions on encyption, is DES ok or do I need something
> else?
>
> TIA
>
> Don
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
