Re: FN-FORUM: Storing credit cards
date posted 30th May 2006 09:13
he won't be doing it! He needs to sound like he knows what he is
talking about when explaining to his client why to use a payment gateway
instead of processing offline with captured CC details!
Gary Short wrote:
> Hello Andy,
>
> Here are a few ideas off the top of my head.
>
> 1. Rijndael is the Advanced Encryption Standard (AES) so you'd have to have
> a good reason for not using it as your symmetrical encryption algorithm.
>
> 2. Storing the key is going to be one of your biggest security problems.
>
> 3. Ensure you have locked down your database correctly allowing only the
> minimum required access to the database containing the card numbers.
>
> 4. Ensure you have registered with the correct authorities for storing card
> numbers.
>
> 5. Check your liability insurance covers you for this as well.
>
> 6. You'll need certificates for https.
>
> 7. Don't do it - use a payment gateway, it's cheaper, easier and safer in
> the long run.
>
> Hope this helps,
> Gary
> http://www.garyshort.org/
>
>
> -----Original Message-----
> From: [EMAIL REMOVED] [EMAIL REMOVED] On Behalf Of Andy Creed
> Sent: 30 May 2006 09:29
> To: FN-FORUM / [EMAIL REMOVED]
> Subject: FN-FORUM: Storing credit cards
>
>
> Hi
>
> I am sure this subject has been covered before but I want to get advice on
> storing credit cards in a site database rather than using a payment
> processor.
>
> I know this should be avoided for obvious reasons. However the client wants to
> pursue this line of thinking. So if we can discount the fact it is a bad
> idea - what is the best way it can be done?
>
> As symmetrical encryption methods will need to be used what is the best one
> to use and what other methods should be employed to ensure (as much as
> possible) that data will be kept secure?
>
> BTW - I am not mad just curious
>
> Thanks
>
> Andy
>
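
Points 1 and 2 of Gary's list (AES as the cipher, and the key as the hard part), as an added example that is not part of the original thread: field-level AES-256-GCM encryption of a card number in Node.js, with the key passed in from outside the database and the ciphertext bound to its row. The function names, row shape and the throwaway demo key are assumptions made for illustration.

```javascript
// Added example (not from the thread): AES-256-GCM for one stored card number.
const crypto = require('node:crypto');

// Assumption: in a real system the 32-byte key comes from a KMS/HSM or a
// secrets manager, never from the same database that holds the ciphertext.
// This key is constructed at runtime purely so the example runs.
const demoKey = crypto.randomBytes(32);

function encryptPan(key, pan, recordId) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  if (!/^\d{13,19}$/.test(pan)) throw new Error('not a card number');
  const iv = crypto.randomBytes(12);             // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(recordId)));  // bind the ciphertext to its row
  const ct = Buffer.concat([cipher.update(pan, 'utf8'), cipher.final()]);
  return {
    recordId,
    last4: pan.slice(-4),                        // enough for display and support
    blob: Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64'),
  };
}

function decryptPan(key, row) {
  const raw = Buffer.from(row.blob, 'base64');
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);              // 16-byte GCM tag
  const ct = raw.subarray(28);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(String(row.recordId)));
  decipher.setAuthTag(tag);
  // final() throws if the key, the blob or the recordId does not match.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample input: a well-known test card number, not a real one.
const sampleRow = encryptPan(demoKey, '4111111111111111', 42);
console.log(sampleRow.last4, decryptPan(demoKey, sampleRow));
```

The database then holds only `recordId`, `last4` and `blob`; anyone who dumps the table without the key gets nothing usable, which is why the key has to live somewhere the database account cannot read.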