[ic] Real-Time Credit Card Transactions And Storing Credit Card Data

Dan Browning interchange-users@icdevgroup.org
Mon Oct 7 16:57:01 2002


At 09:29 AM 10/7/2002 -0700, you wrote:
>Hey everyone,
>
>I'm currently authorizing credit cards in real time and storing the
>transaction ID in the "order_id" column in the transactions table. Then,
>when the order has been processed we then capture funds from the open
>authorization.
>
>However, I need to be able to store the credit card information in our
>database for reference purposes. I plan on using real-time credit card
>transactions but also want to store credit cards too. Of course I need
>the data to be encrypted. Using PGP will be good enough. Can someone
>give information on how to do this?

If you want to store the credit cards encrypted, that is easy ([value 
mv_credit_card_info], I think), but if you want to *retrieve* the encrypted 
credit card and decrypt it on the server -- that is easy too, but not 
recommended, because it means that your server has to have access to the 
private key somehow.

If someone steals all your credit card numbers (encrypted), that would be 
bad, but they would still have a pretty hard time cracking them.  However, 
if they stole your private key along with the encrypted card numbers, that 
would be doubly bad, because they would only have one key to crack 
(assuming you used a passphrase).

Besides a private key passphrase there are a lot of additional security 
measures you can take, but there will always be an element of 
risk.  However, some feel (Amazon.com, for example) that the risk is worth 
the benefit.  Basically, the answer is "Yes, it is easy.  But the hard part 
is the security/risk-taking."

--
/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
| Dan Browning, Kavod Technologies      <dan.browning@kavod.com> |
| (360) 882-7872 x7, 6700 NE 162nd Ave, Suite 210, Vancouver, WA |
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
Misfortune, n.:
         The kind of fortune that never misses.
                 -- Ambrose Bierce, "The Devil's Dictionary"
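
Added example, not part of the original post: the key separation the reply describes, shown with GnuPG. The web server's keyring holds only the public key, so it can encrypt card data for storage but cannot decrypt it. The key name, directories and test card number are constructed, and the empty passphrase is there only so the demo runs unattended.

```sh
#!/bin/sh
# Added example: encrypt on the server with a public key only; decrypt offline.
# All names and values below are constructed for the demo.
KEY_UID="Order Desk (constructed example) <orders@example.invalid>"
KEY_EMAIL="orders@example.invalid"
TEST_PAN="4111111111111111"   # well-known test number, not a real card

key_separation_demo() {
    work=$(mktemp -d) || return 2
    offline="$work/offline"; server="$work/server"
    mkdir -m 700 "$offline" "$server" || return 2

    # 1. Offline machine: generate the key pair. The empty passphrase is a
    #    demo shortcut; a real private key gets a strong passphrase.
    gpg --homedir "$offline" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$KEY_UID" default default never \
        2>/dev/null || return 2

    # 2. Only the public half is copied to the web server.
    gpg --homedir "$offline" --batch --armor --export "$KEY_EMAIL" \
        > "$work/pub.asc" || return 2
    gpg --homedir "$server" --batch --quiet --import "$work/pub.asc" \
        2>/dev/null || return 2

    # 3. Web server: encrypt the card number before it is stored.
    printf '%s' "$TEST_PAN" | gpg --homedir "$server" --batch --quiet \
        --trust-model always --armor --recipient "$KEY_EMAIL" --encrypt \
        > "$work/card.asc" 2>/dev/null || return 2

    # 4. Web server: decryption must fail, there is no secret key here.
    if gpg --homedir "$server" --batch --quiet --decrypt "$work/card.asc" \
        >/dev/null 2>&1; then server_can_decrypt=yes
    else server_can_decrypt=no; fi

    # 5. Offline machine: the private key recovers the plaintext.
    recovered=$(gpg --homedir "$offline" --batch --quiet \
        --pinentry-mode loopback --passphrase '' \
        --decrypt "$work/card.asc" 2>/dev/null)

    # Stop the per-keyring agents and remove the scratch directories.
    for d in "$offline" "$server"; do
        GNUPGHOME="$d" gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    echo "server_can_decrypt=$server_can_decrypt"
    [ "$server_can_decrypt" = no ] && [ "$recovered" = "$TEST_PAN" ]
}

key_separation_demo && echo "key separation holds"
```

Copying the private key onto the server to decrypt there removes the property checked in step 4, which is the risk the reply describes.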