-
Jun 26th, 2002, 08:55 PM
#1
Thread Starter
Addicted Member
SSL, Encryption and Credit Cards
Currently my company gets credit card transactions through Verisign (we pass the info on to Verisign and they take the credit card and do the rest). However, we are thinking about switching to taking credit cards ourselves. I'm a little nervous as the programmer to take credit card numbers and store them in our database. I have SSL enabled on my website and understand that should make passing the credit card to us very secure. Is that all I need to do when capturing that information or is there some additional encryption I need to use? Also, how should I store the credit cards, just in my database or is there a certain method I should follow to make sure John Q Hacker can't just log into my system and have a field day with cards? Any and all feedback is greatly appreciated.
Thanks
-
Jun 26th, 2002, 09:03 PM
#2
Member
If you only need to confirm a password (i.e., enter in one and check it against what's in the database), then make an md5 hash of it instead of storing the actual number.
-
Jun 27th, 2002, 06:09 AM
#3
Thread Starter
Addicted Member
Hash of it? How do I do that... I mean what functions do I use and how do I view it if it's all hash'd up?
-
Jun 27th, 2002, 07:33 AM
#4
Fanatic Member
If you use md5 encryption, you will not be able to decrypt it, so make sure you use any information you need before encrypting it.
And to use md5, it's just the following:
$variable = md5($variable);
-
Jun 27th, 2002, 07:45 AM
#5
Thread Starter
Addicted Member
Cool, seems easy enough. But why would I store it if I couldn't use it later? How am I supposed to get the number if it's already been encrypted and can't be decrypted? Maybe I'm missing a step. The person gives me their credit card information and I store it in my database right... I guess after we come in the next day and run their card through, we encrypt the file?
-
Jun 27th, 2002, 08:06 AM
#6
Fanatic Member
If you want my opinion, I suggest making your own encryption. Make up a method to change each digit slightly and place it into the database, and then reverse your method so you can get the original number back.
Or as you said, you could encrypt it after using it.
-Matt
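Added example, not part of any post in this thread: for the storage question above, where the number has to be read back later, one option is authenticated encryption from a vetted library (PHP's sodium extension, PHP 7.2+) with the key kept outside the database. The function names `encrypt_pan` and `decrypt_pan`, the key handling and the test card number are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): reversible, tamper-evident storage of
// a card number with libsodium secretbox.

function encrypt_pan(string $pan, string $key): string
{
    // Fresh random nonce per record; it is stored in front of the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($pan, $nonce, $key));
}

function decrypt_pan(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('stored value is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, strlen($nonce)), $nonce, $key);
    if ($plain === false) {
        // Wrong key, or the database value was modified.
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Assumption: in production the key is loaded from outside the database
// (for example a secrets manager); it is generated here so the script runs alone.
$key = sodium_crypto_secretbox_keygen();

$pan = '4111111111111111'; // constructed test number, not a real card
$stored = encrypt_pan($pan, $key);
echo "column value: $stored\n";
echo 'round trip ok: ' . var_export(decrypt_pan($stored, $key) === $pan, true) . "\n";

// Flip one bit of the stored value: decryption refuses it instead of returning garbage.
$raw = base64_decode($stored);
$raw[30] = chr(ord($raw[30]) ^ 1);
try {
    decrypt_pan(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo 'tampered value rejected: ' . $e->getMessage() . "\n";
}
```

Anyone who obtains both the database and the key can still read the numbers, so the key's storage and access control matter as much as the cipher.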