05-26-2004, 11:37 PM
Is it possible to securely encrypt credit card details without using SSL?

At present I use RC4 encryption, but would this be considered safe enough for credit card numbers?



(I know it is always possible to crack, but I'm talking about legal security)

05-27-2004, 06:06 AM
Without SSL the CC data is passed in plain text between the user's computer and your server, so it is vulnerable until it gets there, no matter what encryption you employ when it gets there.

The legal implications are not universal, if indeed they have even been addressed in many places; however, I would feel that it was my responsibility to ensure a secure transport for sensitive data at all times.

05-27-2004, 08:22 PM
You need SSL or similar for 2 reasons:
1) The transported packages will otherwise be readable (as firepages pointed out). Now, you could fix that by using client-side encryption.
2) You need to be absolutely sure you can identify the client that is posting or requesting data. So you need more secure session management than the built-in PHP session management.
some extra info

What's 'legal security'?
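
The two points in the post above, as an added example that is not part of the thread: a PHP form handler that refuses card data arriving without SSL/TLS and keeps the session ID off plain HTTP. The file name `checkout.php` and the field `card_number` are hypothetical, and the array form of `session_set_cookie_params` assumes PHP 7.3 or later.

```php
<?php
// Added example. checkout.php and the "card_number" field are hypothetical names.

function request_is_tls(array $server): bool
{
    // Set by the web server when it terminated TLS itself. Behind a TLS-terminating
    // proxy this is not set, and the check must use whatever that proxy passes on.
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

if (!request_is_tls($_SERVER)) {
    // A card number posted over plain HTTP has already crossed the network in the
    // clear, so redirecting now would not help. Refuse; do not read or log the field.
    http_response_code(403);
    header('Content-Type: text/plain');
    exit("This form is only accepted over HTTPS.\n");
}

// Session cookie: sent only over TLS, not readable from script, not sent cross-site.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
ini_set('session.use_only_cookies', '1');  // never accept a session ID from the URL
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Issue a new ID before handling payment, so an ID fixed or seen earlier is useless.
    session_regenerate_id(true);
    $card = preg_replace('/\D/', '', $_POST['card_number'] ?? '');
    // ... hand $card to the payment processor here; do not store or log it.
}
```

The page that renders the form has to be served over HTTPS as well, since the 403 only stops the server from processing data that was already sent in the clear.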

05-27-2004, 08:27 PM
What's 'legal security'?

as opposed to illegal security? :)

05-27-2004, 08:42 PM
I suppose ...

All I really wanted to know was how many years 'You've been found guilty of committing legal security' would get me. Or would it get me some sort of reward?

Lesson learned: never ask a question you don't understand :D