Re: Encrypting Credit card numbers

by Anonymous Monk
on Aug 04, 2003 at 13:21 UTC

in reply to Encrypting Credit card numbers

Searching on the same subject..
Currently I don't allow any CC number storage on my servers, but I have a client that wants to have them stored and then be able to review them over the web, but not needing to automatically rebill.
(Trying to persuade the client to use an external resource for CC processing like all of my other clients.)

But... how does this sound?
I'm a bit (very big bit) ignorant on the PGP system, so be forgiving.

Encrypt the CC number with one key and decrypt with another.
The encryption would take place on the server in a Perl script, and the result stored in a data file on the server.
The other key would not be on the server; it would reside on the remote client's PC.

The decryption would be done in a Java routine on the client PC when viewing the data via HTTPS.

Any ideas on implementing this (pros, cons, how-tos)?

Paul ASI

Replies are listed 'Best First'.
Re: Re: Encrypting Credit card numbers
by Anonymous Monk on Oct 14, 2003 at 07:11 UTC
    I think a great company to have (albeit one that may not let you sleep much) would be one that held the card numbers for schmucks like myself that NEED them stored. You could set up the client to encrypt with the public key, send the info to you, and store it properly. When the info is called for, you can decrypt with the private key and process the charge as well. In essence you could run a payment gateway, but you hold the cards in encryption for each of your clients. To deal with the security on the client side, you simply let them design their own form with their own page design, but have it on your server inserting or posting as you please, secured how you want it. With this the card numbers couldn't get stolen (from the web merchant). The hacker could try and duplicate how the transaction is posted to the company holding the decryption key. But they wouldn't get the numbers. They could only run transactions through the merchant's account. Then guys like myself wouldn't even have access to my own clients' card numbers, how great would that be! Not even me, as the CEO of a small web-based business, could take a credit card number if I pleased. Of course one downside with owning a company such as this: every hacker and his grandma would see you as the Mecca of all credit card databases. I don't know, it's 3 a.m., I'm not much of a programmer, I'm sure someone's thought of this before. If there's a company out there that does this LET ME KNOW, because I could use the service and wouldn't mind paying a percentage to ensure TOTAL and proper security of stored card numbers.
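
The split both posts describe (the web server encrypts with a public key, and the private key lives somewhere else), sketched in Perl as an added example that is not part of the original thread. It assumes the CPAN module Crypt::OpenSSL::RSA; `luhn_ok`, `seal_pan`, `open_pan` and the `last4|ciphertext` record layout are hypothetical names, the card number is a constructed test value, and the key pair is generated inline only so the script runs on its own.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Assumes CPAN module Crypt::OpenSSL::RSA.
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw(encode_base64 decode_base64);

# Luhn check, so mistyped numbers are rejected before anything is stored.
sub luhn_ok {
    my ($pan) = @_;
    return 0 unless $pan =~ /^\d{12,19}$/;
    my ($sum, $double) = (0, 0);
    for my $d (reverse split //, $pan) {
        $d *= 2 if $double;
        $d -= 9 if $d > 9;
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 == 0;
}

# Server side: only the PUBLIC key is present. Returns one data-file line
# (hypothetical layout): last four digits for display, then base64 ciphertext.
sub seal_pan {
    my ($public_pem, $pan) = @_;
    $pan =~ s/[\s-]//g;
    die "card number fails Luhn check\n" unless luhn_ok($pan);
    my $rsa = Crypt::OpenSSL::RSA->new_public_key($public_pem);
    $rsa->use_pkcs1_oaep_padding;   # OAEP is randomized: equal PANs give different ciphertexts
    return join '|', substr($pan, -4), encode_base64($rsa->encrypt($pan), '');
}

# Client side: runs where the private key lives, never on the web server.
sub open_pan {
    my ($private_pem, $record) = @_;
    my (undef, $b64) = split /\|/, $record, 2;
    my $rsa = Crypt::OpenSSL::RSA->new_private_key($private_pem);
    $rsa->use_pkcs1_oaep_padding;
    return $rsa->decrypt(decode_base64($b64));
}

# Demo key pair, generated here only so the example is self-contained.
my $pair   = Crypt::OpenSSL::RSA->generate_key(2048);
my $pub    = $pair->get_public_key_x509_string;
my $record = seal_pan($pub, '4111 1111 1111 1111');   # constructed test number
print "stored line: ", substr($record, 0, 40), "...\n";
print "client sees: ", open_pan($pair->get_private_key_string, $record), "\n";

# The server's public-only key object cannot decrypt what it just wrote.
my $server_key = Crypt::OpenSSL::RSA->new_public_key($pub);
print "server decrypt: ", (eval { $server_key->decrypt("x" x 256); 1 } ? "ok" : "refused"), "\n";
```

In a deployment of this layout the key pair would be generated on the machine that does the decrypting, with only the public PEM copied to the web server.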
