RE: FN-FORUM: Storing credit cards
date posted 30th May 2006 08:44
Hello Andy,
Here are a few ideas off the top of my head.
1. Rijndael is the Advanced Encryption Standard (AES) so you'd have to have
a good reason for not using it as your symmetrical encryption algorithm.
2. Storing the key is going to be one of your biggest security problems.
3. Ensure you have locked down your database correctly allowing only the
minimum required access to the database containing the card numbers.
4. Ensure you have registered with the correct authorities for storing card
numbers.
5. Check your liability insurance covers you for this as well.
6. You'll need certificates for https.
7. Don't do it - use a payment gateway, it's cheaper, easier and safer in
the long run.
Hope this helps,
Gary
http://www.garyshort.org/
-----Original Message-----
From: [EMAIL REMOVED] [EMAIL REMOVED] On Behalf Of Andy Creed
Sent: 30 May 2006 09:29
To: FN-FORUM / [EMAIL REMOVED]
Subject: FN-FORUM: Storing credit cards
Hi
I am sure this subject has been covered before but I want to get advice on
storing credit cards in a site database rather than using a payment
processor.
I know this should be avoided for obvious reasons. However the client wants to
pursue this line of thinking. So if we can discount the fact it is a bad
idea - what is the best way it can be done?
As symmetrical encryption methods will need to be used what is the best one
to use and what other methods should be employed to ensure (as much as
possible) that data will be kept secure?
BTW - I am not mad just curious
Thanks
Andy