[ic] Real-Time Credit Card Transactions And Storing Credit Card Data

Matthew Villa interchange-users@icdevgroup.org
Mon Oct 7 17:12:00 2002


Dan,

Thanks for getting back to me. How would I encrypt the data? Is there a
function with Interchange 4.8 or 4.9 that allow you to encrypt data?

Any examples would be helpful.

Thanks for your time.

-----Original Message-----
From: interchange-users-admin@icdevgroup.org
[mailto:interchange-users-admin@icdevgroup.org] On Behalf Of Dan
Browning
Sent: Monday, October 07, 2002 1:58 PM
To: interchange-users@icdevgroup.org
Subject: Re: [ic] Real-Time Credit Card Transactions And Storing Credit
Card Data

At 09:29 AM 10/7/2002 -0700, you wrote:
>Hey everyone,
>
>I'm currently authorizing credit cards in real time and storing the
>transaction ID in the "order_id" column in the transactions table.
Then,
>when the order has been processed we then capture funds from the open
>authorization.
>
>However, I need to be able to store the credit card information in our
>database for reference purposes. I plan on using real-time credit card
>transactions but also want to store credit cards too. Of course I need
>the data to be encrypted. Using PGP will be good enough. Can someone
>give information on how to do this?

If you want to store the credit cards encrypted, that is easy ([value 
mv_credit_card_info], I think), but if you want to *retrieve* the
encrypted 
credit card and decrypt it on the server -- that is easy too, but not 
recommended, because it means that your server has to have access to the

private key somehow.

If someone steals all your credit card numbers (encrypted), that would
be 
bad, but they would still have a pretty hard time cracking them.
However, 
if they stole your private key along with the encrypted card numbers,
that 
would be doubly bad, because they would only have one key to crack 
(assuming you used a passphrase).

Besides a private key passphrase there are a lot of additional security 
measures you can take, but there will always be an element of 
risk.  However, some feel (Amazon.com, for example) that the risk is
worth 
the benefit.  Basically, the answer is "Yes, it is easy.  But the hard
part 
is the security/risk-taking."

--
/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
| Dan Browning, Kavod Technologies      <dan.browning@kavod.com> |
| (360) 882-7872 x7, 6700 NE 162nd Ave, Suite 210, Vancouver, WA |
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
Misfortune, n.:
         The kind of fortune that never misses.
                 -- Ambrose Bierce, "The Devil's Dictionary"

_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users