[ic] Credit Card numbers Stored Encrypted in SQL Database - Finally Answered!

Dave Jenkins djenkins@redhat.com
Wed, 25 Apr 2001 16:55:20 -0400


Russ Mann wrote:

> Thank you!  Amazing what it takes to get an answer on this list :)

There was probably some confusion from that because you touched a live wire: CC
encryption.  This has been a subject of much debate, and certainly everyone
wants to pop in with their own position (including this post).  Your best bet
on getting a clear answer is to ask a clear question.  Much of the thread
centered on the merits of storing CC numbers, which quickly polarizes into a
battle of good and evil.

> On Wed, 25 Apr 2001, Russ Mann wrote:
> > So, correct me if I'm wrong, but because of the RH takeover, IC looses
> > functionality?  There is ZERO risk involved with storing CC#'s on disk if
> > they're ENCRYPTED, Which is precisely what I'm trying to do.  It worked
> just
> > fine in MV....

Is this the same ZERO risk that the ENIGMA machine gave the Nazis?  Is it the
same zero risk that the polygraphs and financial checks gave to the CIA?  There
is no such thing as zero risk.  The overall point that storing CC# is a bad
idea is one of liability: you don't want to be responsible when it happens.
One match will light a room full of gasoline.  It's better not to store the