If you can avoid it at all, don't store any portion of the credit card
holder data. The Payment Card Industry Security Standards doc has all
sorts of wonderful regulations you must follow for dealing with CCs.
There's some great reading here:

https://pcisecuritystandards.org/

If you're able to offload all of this to some third party, you should.
IMHO.

-- 
Dave 

-----Original Message-----
From: django-users@googlegroups.com [mailto:[EMAIL PROTECTED]] On Behalf Of Joshua "jag" Ginsberg
Sent: Friday, December 01, 2006 10:01 AM
To: django-users@googlegroups.com
Subject: Re: How should I store credit cards for offline processing


Don't implement a pub/priv key pair system -- just use GnuPG. And I
would strongly recommend against having the decryption of this data
anywhere near the same machine as the one that stores the encrypted
cc#'s.

For your online processing, I recommend using TrustCommerce and storing
the credit card information in their "Citadel" product -- that way you
don't have to store the credit card numbers ever, at all, period, for
any reason, whatsoever.

-jag

On Fri, 2006-12-01 at 15:37 +0000, Noah wrote:
> I'm working on a site that's not ready to do online processing with a 
> gateway but they want to launch anyways. They would like a secure way 
> to store the credit cards in the database. Does anyone have a good 
> solution for this?
> 
> I was thinking but I'd rather not have to write all the code to 
> implement a pub/priv key pair system where the private key is 
> encrypted so the admin has to login and enter the password for the 
> view to decrypt the key to decrypt the credit cards.
> 
> comments, ideas?
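
The split recommended in the thread (encrypt with GnuPG on the web host, decrypt only on a separate machine), sketched as an added example that is not part of the original messages. The recipient user ID, the home directories passed as arguments and the empty key passphrase are assumptions made so the sketch runs unattended.

```shell
#!/bin/sh
# Added example: the web host holds only the public key and can encrypt;
# the private key lives on a separate offline host, which alone can decrypt.

RECIPIENT="billing@example.invalid"   # hypothetical key user ID

# Offline host, run once: create the key pair and export the public half.
# The empty passphrase is an assumption for unattended runs; a real key
# should be passphrase-protected.
offline_init() {   # $1 = offline GnuPG home, $2 = output public-key file
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$RECIPIENT" default default never &&
    gpg --homedir "$1" --batch --armor --export "$RECIPIENT" > "$2"
}

# Web host, run once: import the public key only. No secret key ever
# exists in this home directory.
web_init() {       # $1 = web GnuPG home, $2 = public-key file
    gpg --homedir "$1" --batch --quiet --import "$2"
}

# Web host, per order: card number on stdin, armored ciphertext on stdout.
# --trust-model always: the key was copied over by hand, so the web of
# trust is not consulted.
encrypt_card() {   # $1 = web GnuPG home
    gpg --homedir "$1" --batch --quiet --trust-model always \
        --armor --encrypt --recipient "$RECIPIENT"
}

# Ciphertext on stdin, card number on stdout. Succeeds only where the
# secret key is present, i.e. on the offline host.
decrypt_card() {   # $1 = GnuPG home to decrypt with
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt 2>/dev/null
}
```

The armored output of `encrypt_card` is what would go into the database column; `decrypt_card` run against the web host's home directory fails because no secret key is there.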



