Michael,

Thanks for the input. Feel confident that you are in good company with your recommendations. After many replies to my original post and some discussion, I have decided that I will encrypt the card numbers using command line PGP before sending them using sendmail to myself. Only a stub will be stored on the server for client verification. I will then store them (encrypted) on a system that is isolated and secure. I will maintain my private key on removable media and only decrypt them long enough to process the monthly charges. At no time will they be stored in a database unencrypted.

Do you have any suggested modifications to this plan? I do need to charge the cards on a recurring basis, but the charges will vary from month to month. So the recurring charge method at the payment gateway will not work for this.

Thanks again to all that gave input.

Dave

-----Original Message-----
From: Michael T. Babcock [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 10:18 AM
To: '[EMAIL PROTECTED]'
Subject: Re: Protecting CC Numbers

Hack Hawk wrote:
>> This implies hard-coding a private key and password somewhere on your
>> system. This type of system (IMO) should NEVER be connected to the
>> Internet.
>
> Agreed and doubly agreed. In fact, I'd say you should never save a CC # in your database _ever_ unless you're doing routine billing to it from accounting software. If you just want to 'remember' the user's CC # so they don't have to type it back in then don't -- point out on the website that that would be a security risk and for their own safety, you'd like them to re-enter the card # every time they make a purchase.

>> NEVER under any circumstances should you "permanently" store CC's
>> (even encrypted) on systems that are connected to the Internet.
>
> Agreed.

>> I say 2 to 3 days max before archiving them off-line (off-Internet).
>> This minimizes the risk if a hacker should happen to break in.
>
> Or seconds ... 2 or 3 days is a long time in hacked-time; set up a write-only encrypted pipe to send the cards (if indeed you must store them) to a database which can only be read from locally and doesn't allow any form of login or connection from the webserver machine except the write-only db connection.

Stupid SQL spam filter ...

--
Michael T. Babcock
C.T.O., FibreSpeed Ltd.
http://www.fibrespeed.net/~mbabcock

---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing?
Try: http://lists.mysql.com/php/unsubscribe.php
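
The plan in the message above, sketched as an added example that is not part of the original thread: the web server's keyring holds only the public key, so it can encrypt card numbers but cannot decrypt them. GnuPG is assumed as the command-line PGP tool; the key name, the four-digit stub format, the sendmail path and the card number are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread). GnuPG stands in for "command line PGP";
# the key name, mail address and card number are constructed for the demo.
KEY='billing-demo@example.invalid'

# Stub kept on the web server: last four digits only (assumed stub format).
card_stub() {
    printf '%s' "$1" | tr -cd '0-9' | tail -c 4
}

# Runs on the web server, whose keyring ($1) holds only the public key.
encrypt_card() {
    gpg --homedir "$1" --batch --quiet --trust-model always \
        --armor --encrypt --recipient "$KEY"
}

# Card number on stdin -> encrypted mail. SENDMAIL can be overridden for tests.
mail_card() {   # $1 = web keyring, $2 = destination address
    { printf 'To: %s\nSubject: card\n\n' "$2"; encrypt_card "$1"; } |
        "${SENDMAIL:-/usr/sbin/sendmail}" -t
}

# End-to-end check with throwaway keyrings standing in for the two machines.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/offline" "$work/web"
    # Isolated machine: create the key pair (no passphrase: demo only).
    gpg --homedir "$work/offline" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$KEY" default default never \
        2>/dev/null || return 1
    # Only the public half ever reaches the web server.
    gpg --homedir "$work/offline" --batch --armor --export "$KEY" |
        gpg --homedir "$work/web" --batch --quiet --import 2>/dev/null
    printf '4111111111111111' | encrypt_card "$work/web" >"$work/card.asc" 2>/dev/null
    # A break-in on the web server yields ciphertext it cannot open.
    if gpg --homedir "$work/web" --batch --decrypt "$work/card.asc" >/dev/null 2>&1
    then web=can-decrypt; else web=cannot-decrypt; fi
    plain=$(gpg --homedir "$work/offline" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$work/card.asc" 2>/dev/null)
    rm -rf "$work"
    printf 'web:%s offline:%s\n' "$web" "$plain"
}

case ${1:-} in demo) demo ;; esac
```

Run the script with the argument `demo` to see the web-server keyring fail to decrypt what it has just encrypted, while the offline keyring recovers the number.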