Depends on how the transactions are set up and how complicated you want to
make it.  A project I had in the past wanted return customers to have
the ability to store CC numbers.  Card transactions were not real-time, so
what we had was a bit field indicating whether or not the customer had a
stored card.  All of the card numbers were stored (triple DES enc.) on a
separate database server not accessible from the web server farm.  To handle
the transactions, I wrote an NT Service to build the incoming orders and run
them through...

-----Original Message-----
From: Chad Gray [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 12:49 PM
To: CF-Talk
Subject: Re: Best way to store credit cards in database?


What about return visitors that want to store their CC number?  MD5 hash on
the number?  Then store it in the database?

At 11:56 AM 1/28/2002 -0500, you wrote:
>Hear, hear, all we keep are the last 4 numbers.....let the banks worry
>...
>
> >>> [EMAIL PROTECTED] 01/27/02 07:00PM >>>
>Don't store the credit card numbers at all.  Just process the transaction
>immediately and store the rest of the order information.
>
>
>
>----- Original Message -----
>From: "Jeff Fongemie" <[EMAIL PROTECTED]>
>To: "CF-Talk" <[EMAIL PROTECTED]>
>Sent: Sunday, January 27, 2002 7:17 AM
>Subject: Best way to store credit cards in database?
>
>
> > Sunday, January 27, 2002, 10:12:15 AM
> > Hello CF-Talk,
> >
> >   I've got a simple site, and it uses a small Access database. We will
> >   be taking credit cards.
> >
> >   Wondering what others consider a realistic practice to ensure
> >   security to a reasonable level. What do others do?
> >
> >   The site will have SSL, but I'm thinking along the lines of
> >   encrypting the card number. However, I know how insecure ColdFusion's
> >   encryption is, so why bother?
> >
> >   If people do somehow encrypt the card number, would you be willing
> >   to give examples? And I guess I'll need a way to unencrypt the
> >   numbers in an admin area.
> >
> >   I've seen where a site will store half of the number, and the second
> >   half gets sent by email to the shop owners. Then the shop owners
> >   need to go in and match up the numbers.
> >
> >   Thanks for any advice, recommendations on this.
> >
> >
> > Best regards,
> >  Jeff Fongemie                          mailto:[EMAIL PROTECTED]

FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

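An added sketch (not code from anyone in this thread) of the data split the top reply describes: the web-facing record keeps only the stored-card bit and the last 4 digits, the full number goes to a separate card store, and an offline job attaches cards to pending orders. All names are hypothetical, `CardStore` is an in-memory stand-in for the separate triple-DES-encrypted database server, and the hand-off from the web tier is assumed to be write-only.

```python
import re
from dataclasses import dataclass

def luhn_ok(pan: str) -> bool:
    """Luhn check-digit test, so mistyped numbers are rejected before storage."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

@dataclass
class WebCustomer:                          # row in the web-facing database
    customer_id: int
    has_stored_card: bool = False           # the "bit field" from the reply
    last4: str = ""                         # kept for display only

class CardStore:
    """Stand-in (assumption) for the card database the web farm cannot read."""
    def __init__(self):
        self._cards = {}
    def put(self, customer_id, pan):
        self._cards[customer_id] = pan      # real store: encrypted at rest
    def get(self, customer_id):
        return self._cards[customer_id]

def save_card(cust, raw, store):
    """Web-tier path: validate, hand the number off, keep only flag + last 4."""
    pan = re.sub(r"[ -]", "", raw)
    if not (re.fullmatch(r"[0-9]{13,19}", pan) and luhn_ok(pan)):
        raise ValueError("not a valid card number")
    store.put(cust.customer_id, pan)
    cust.has_stored_card, cust.last4 = True, pan[-4:]
    return cust

def build_batch(orders, customers, store):
    """Offline job (the reply used an NT Service): join orders with cards."""
    batch = []
    for order in orders:
        cust = customers[order["customer_id"]]
        if cust.has_stored_card:            # skip customers with no card on file
            batch.append({**order, "pan": store.get(cust.customer_id)})
    return batch
```

Only `build_batch` ever reads a full number back, so it belongs on the card-store side of the network boundary, not in the web application.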