in reply to Encrypting Credit card numbers
Dear Pete-
In your original question -
How to securely store credit cards to make them safe in case of a system penetration.
Don't forget the low tech, Kevin Mitnick style, social engineering. If you get enough credit cards, as previously noted, you become an attractive target.
Consider:
- Who has physical access to any system that has these numbers?
- Are the passwords written on the monitor?
- Where and how secure are your backups?
- Are there operators who have been warned against sneaky people calling up seeking "help"?
- Is the server room decently locked up?
- Does just anyone have the ablity to come and go?
- How good is the security of the back end that clears the transactions?
- Do you actively patrol the security updates for the OS?
Sometimes the fancy lock pick is a crow bar. -Diskcrash
In Section
Meditations