[ic] Credit Card Encryption

[interchange-users@interchange.redhat.com]

>-----Original Message-----
>From: Rick Lord [mailto:rick@desertlord.com]
>Sent: Sunday, September 16, 2001 4:21 PM
>To: interchange-users@interchange.redhat.com
>Subject: [ic] Credit Card Encryption
>
>
>Is it still possible to NOT encrypt the credit card number in 4.8.1? 
>Everything is local here so I do not encrypt it, but setting up a new
server 
>with 4.8.1 is not letting me do that. I saw that a couple of other people
had 
>the same question but I didn't see any answers. Hopefully I will get some.
>Thank you.
>
>-- 
>Rick Lord

This seems to be a common thread.  My 2 cents on this is I don't really
care if it's all local.  No matter how secure you make your network,
you can not be 100% guaranteed that someone can't break into it.  Any
system that is connected to the internet has the potential of being
compromised by exploits which have yet to be invented.  How often have
we seen news reports of merchants who thought their systems were secure
right up to the point where "Exploit-X" came along and allowed a
hacker - and any script-kiddie who could reproduce their work after they
posted it in a million places - to go in and meander their filesystems
at will?

That said, how can anyone be willing to store credit card numbers
unencrypted?  Anywhere?

You can count on the fact that no system I ever write or maintain in IC
will do so.  And if you set up a system on the internet that takes credit
cards but leaves them unencrypted on a computer somewhere, please let
me know so that I can avoid shopping there.

Patrick Bennett
http://www.ccgenesis.com