[ic] How to get Credit Card # in admin

Ed LaFrance edl@newmediaems.com
Thu, 05 Apr 2001 11:39:42 -0700


At 02:02 PM 04/05/2001 -0400, you wrote:
>Quoting Bob Puff@NLE (bob@nleaudio.com):
> > > Not so. What happens when your system gets cracked? Credit card numbers are
> > > there for the taking.
> >
> > If the system gets cracked, credit card numbers are there for the taking even
> > if it's not in the admin.  As was stated before, there are a few files that
> > store the credit card number, that anyone with root access can easily find.
> > Just have a look in the ORDERS directory.  Plain text credit card numbers.
>
>That is prior to using the recommended encryption. Before your store
>goes live, you should set the main route encrypt_program to a good value:
>
>   Route main encrypt_program "gpg -r you@yours.com -e -a --always-trust --batch"
>
>or remove mv_credit_card_info from the etc/report file.
>
>It is a difficult situation when distributing a program. If I remove
>[value mv_credit_card_info] from the output, then we will get a slew of
>questions about "where is the credit card info". If we set things up to
>require GPG by default, then that makes things very difficult for testing.
>
>I should probably remove the individual_track and track setting from the
>default route, or set behavior when encrypt_program=null to say "CREDIT
>CARD INFO REMOVED SINCE NOT ENCRYPTED". That second is better, I think,
>and I will do it. We will have to live with the inevitable questions,
>though I think it will be better now that GPG and PGP are in wide use.
>
>Bottom line is, before enabling a catalog to go live, you should obtain
>and set up GPG and set up for encryption as is recommended in the docs
>and FAQ.
>
>Thinking about it, maybe I will set the demo to be:
>
>     Variable  ENCRYPTOR        echo Encryption not enabled yet.
>     EncryptProgram             __ENCRYPTOR__
>     Route main encrypt_program "__ENCRYPTOR__"
>
>That should tell people what is going on, yet not cause encryption
>errors in the checkout process. That is the ticket.
>
>I may not always seem like it, but I am grateful for all the feedback
>and ideas I get from all of you. Thanks, Bob.
>

I think the occasionally expressed desire to store raw credit card numbers 
online stems from the need to be able to fully manage credit card info via 
the browser (by both admins and repeat customers).  My position is that if 
you must store CC's on your server, they should be encrypted - this is 
basic due diligence to protect your customers.

If you have to retrieve a card number from the server, you can copy the 
encrypted block from the admin area and decrypt it on your local machine 
with your private key (which should *never* be stored on the web server, by 
the way).

Perhaps in the next release of IC we can have one more special variable:

         mv_credit_card_l4       # contains the last 4 digits of the card number

This, in conjunction with the card type and expiration date (which are already 
stored in the userdb if checkout data is saved to an account), should be 
enough for both the admin and the customer to make a positive ID of the 
card online, without exposing the raw number.

- Ed L.


===============================================================
**** Virtual Hosting w/private IC Installation, $65/month! ****
---------------------------------------------------------------
New Media E.M.S.               Software Solutions for Business
463 Main St., Suite D          eCommerce | Consulting | Hosting
Placerville, CA  95667         edl@newmediaems.com
(530) 622-9421                 http://www.newmediaems.com
(866) 519-4680 Toll-Free       (530) 622-9426 Fax
===============================================================
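
The handling discussed in this message, as an added example that is not part of the original post and is not Interchange code: the last four digits are split off before the number goes to the encryptor, and a missing or failing encryptor never results in plaintext being stored. The function names, the record keys (including `card_l4`) and the sample card number are assumptions made for illustration.

```python
import re
import subprocess

# Wording the quoted reply proposes for stores with no encrypt_program set.
NOT_ENCRYPTED = "CREDIT CARD INFO REMOVED SINCE NOT ENCRYPTED"


def luhn_ok(digits):
    """Luhn checksum: reject mistyped numbers before anything is stored."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def build_order_record(card_number, card_type, card_exp, encrypt_cmd=None):
    """Return only the fields that are safe to write on the web server.

    encrypt_cmd: argv list of a public-key encryptor that reads stdin,
    such as the gpg command in the thread; None means not configured.
    """
    digits = re.sub(r"[ -]", "", card_number)
    if not re.fullmatch(r"[0-9]{12,19}", digits) or not luhn_ok(digits):
        raise ValueError("invalid card number")
    if encrypt_cmd:
        # check=True: a failing encryptor aborts the order instead of
        # silently falling back to plaintext.
        proc = subprocess.run(encrypt_cmd, input=digits.encode(),
                              capture_output=True, check=True)
        blob = proc.stdout.decode()
        if not blob or digits in blob:
            raise RuntimeError("encrypt_cmd did not encrypt the number")
    else:
        blob = NOT_ENCRYPTED
    return {
        "card_type": card_type,
        "card_exp": card_exp,
        "card_l4": digits[-4:],      # hypothetical name, after mv_credit_card_l4
        "card_encrypted": blob,      # decrypt offline with the private key
    }


if __name__ == "__main__":
    # Constructed test number (passes Luhn); no encryptor configured.
    print(build_order_record("4111 1111-1111 1111", "visa", "04/03"))
```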