...

View Full Version : Credit Card Encryption



NancyJ
02-13-2006, 11:29 AM
We're taking credit card details online and processing them offline, so we need to store them encrypted in the db, but they it needs to be 2-way encryption.
So, I'm wondering what the best form of encryption for this would be? I cant remember what I used in ASP - I know I tried blowfish but there were problems with it...

raf
02-13-2006, 01:05 PM
storing creditcard-details as encoded text is not acceptable practice.

are the users of that site aware that the creditcarddetails are stored in a decodable form?


anyway, if you wanna go ahead with this, i think you better create your own encoding-function, where you use a userspecific salt.

NancyJ
02-13-2006, 01:31 PM
What would you suggest instead? Telepathy?!
Its a perfectly common practice, particularly places that already have merchant services for offline orders. Theres no point storing CC numbers in a form that isnt retrievable.
I know companies who have been using this method for years and have never had any problems.
There are soo many encryption algorithms to choose from but I'd like to make a slightly more informed desicion than 'ip dip'.

raf
02-13-2006, 01:51 PM
i'm sorry me reply offended you.

fci
02-13-2006, 02:16 PM
a secure way is to automatically download transactions every 15 minutes and remove them from the db (I've been working on a process like this although the setup here is a little weird so it requires a bit of work / testing).

degsy
02-13-2006, 02:55 PM
Alot of ASP scripts use rc4

Are you using SSL as well?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum