  1. #1
    NancyJ, Senior Coder

    Credit Card Encryption

    We're taking credit card details online and processing them offline, so we need to store them encrypted in the db, but it needs to be 2-way encryption.
    So, I'm wondering what the best form of encryption for this would be? I can't remember what I used in ASP - I know I tried Blowfish but there were problems with it...

  • #2
    raf, Master Coder
    Storing credit card details as encoded text is not acceptable practice.

    Are the users of that site aware that the credit card details are stored in a decodable form?

    Anyway, if you wanna go ahead with this, I think you better create your own encoding function, where you use a user-specific salt.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #3
    NancyJ, Senior Coder
    What would you suggest instead? Telepathy?!
    It's a perfectly common practice, particularly places that already have merchant services for offline orders. There's no point storing CC numbers in a form that isn't retrievable.
    I know companies who have been using this method for years and have never had any problems.
    There are so many encryption algorithms to choose from but I'd like to make a slightly more informed decision than 'ip dip'.

  • #4
    raf, Master Coder
    I'm sorry my reply offended you.

  • #5
    fci, Senior Coder
    A secure way is to automatically download transactions every 15 minutes and remove them from the db (I've been working on a process like this although the setup here is a little weird so it requires a bit of work / testing).
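
The collect-then-remove process described in post #5, as an added example that is not part of the thread and not fci's own code. The `orders` table, its columns and the `deliver` callback are assumptions made for illustration, the card blobs are constructed placeholders, and SQLite stands in for the site's database so the block runs on its own.

```python
import sqlite3

def open_db():
    # Hypothetical schema: card_blob holds the already-encrypted card record.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, "
                 "card_blob BLOB, collected_at TEXT)")
    return conn

def collect_and_purge(conn, deliver, now):
    """Hand pending card records to the offline side, then wipe exactly those rows."""
    rows = conn.execute(
        "SELECT id, card_blob FROM orders WHERE card_blob IS NOT NULL ORDER BY id"
    ).fetchall()
    if not rows:
        return 0
    deliver(rows)  # raises if the hand-off fails, so nothing is wiped
    with conn:     # commit the wipe as one transaction, roll back on error
        # Wipe by id, not by "IS NOT NULL": orders placed after the SELECT
        # have not been delivered yet and must survive until the next run.
        conn.executemany(
            "UPDATE orders SET card_blob = NULL, collected_at = ? WHERE id = ?",
            [(now, row_id) for row_id, _ in rows],
        )
    return len(rows)

def remaining_card_rows(conn):
    return conn.execute(
        "SELECT COUNT(*) FROM orders WHERE card_blob IS NOT NULL").fetchone()[0]

def demo():
    conn = open_db()
    conn.executemany(
        "INSERT INTO orders (customer, card_blob) VALUES (?, ?)",
        [("alice", b"constructed-ciphertext-1"), ("bob", b"constructed-ciphertext-2")])
    conn.commit()

    def unreachable(rows):
        raise ConnectionError("offline side unreachable")

    try:
        collect_and_purge(conn, unreachable, "2005-06-01T12:00:00")
    except ConnectionError:
        pass
    after_failure = remaining_card_rows(conn)  # failed hand-off keeps the data

    received = []
    moved = collect_and_purge(conn, received.extend, "2005-06-01T12:15:00")
    return after_failure, moved, remaining_card_rows(conn), len(received)

if __name__ == "__main__":
    print(demo())
```

Run on a 15-minute schedule, this bounds how long any card record sits in the web-facing database; the order row itself is kept, only the card column is cleared.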

  • #6
    Senior Coder
    A lot of ASP scripts use RC4.

    Are you using SSL as well?

