02-13-2006, 12:29 PM
We're taking credit card details online and processing them offline, so we need to store them encrypted in the db, but it needs to be 2-way encryption.
So, I'm wondering what the best form of encryption for this would be? I can't remember what I used in ASP - I know I tried Blowfish but there were problems with it...
Storing credit card details as encoded text is not acceptable practice.
Are the users of that site aware that the credit card details are stored in a decodable form?
Anyway, if you wanna go ahead with this, I think you better create your own encoding function, where you use a user-specific salt.
02-13-2006, 02:31 PM
What would you suggest instead? Telepathy?!
It's a perfectly common practice, particularly at places that already have merchant services for offline orders. There's no point storing CC numbers in a form that isn't retrievable.
I know companies who have been using this method for years and have never had any problems.
There are so many encryption algorithms to choose from but I'd like to make a slightly more informed decision than 'ip dip'.
I'm sorry my reply offended you.
A secure way is to automatically download transactions every 15 minutes and remove them from the db (I've been working on a process like this although the setup here is a little weird so it requires a bit of work / testing).
02-13-2006, 03:55 PM
A lot of ASP scripts use RC4.
Are you using SSL as well?
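
One way to get the retrievable storage asked about in this thread, combined with the download-and-remove process one reply describes, as an added example that is not from any poster: the web server holds only an RSA public key, and the offline machine holds the private key. It uses Node.js's built-in `crypto` module; the function names, the in-memory `Map` standing in for the database table, and the test card number are assumptions constructed for illustration.

```javascript
// Added example: hypothetical names, constructed sample data.
const crypto = require('crypto');

// RSA-OAEP is randomized, so equal card numbers give different ciphertexts.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Run once on the offline machine; only publicKey is copied to the web server.
function makeKeyPair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Web server side: it can encrypt and store, but cannot decrypt what it stored.
function storeCard(db, publicKeyPem, orderId, cardNumber) {
  const ct = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP },
                                  Buffer.from(cardNumber, 'utf8'));
  db.set(orderId, ct.toString('base64'));
}

// Offline side: download pending rows, decrypt, and remove each from the db.
function drainOrders(db, privateKeyPem) {
  const out = [];
  for (const [orderId, b64] of [...db]) {
    const pt = crypto.privateDecrypt({ key: privateKeyPem, ...OAEP },
                                     Buffer.from(b64, 'base64'));
    out.push({ orderId, cardNumber: pt.toString('utf8') });
    db.delete(orderId); // nothing retrievable stays on the online server
  }
  return out;
}

function demo() {
  const { publicKey, privateKey } = makeKeyPair();
  const db = new Map(); // stands in for the orders table
  storeCard(db, publicKey, 1001, '4111111111111111'); // constructed test number
  storeCard(db, publicKey, 1002, '4111111111111111');
  const distinct = db.get(1001) !== db.get(1002);
  const drained = drainOrders(db, privateKey);
  return { distinct, drained, remaining: db.size };
}
```
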