-
Feb 9th, 2004, 09:19 AM
#1
saving credit card info
We want to allow users of our site to save a credit card on file so they can do quick purchasing, but I don't want to store their numbers in a database because of security. I was thinking of storing all their account info in our DB, but storing the credit card in a cookie? Or possibly storing half the card number in a cookie, and the other half in the DB?
What do you think?
-
Feb 9th, 2004, 10:39 AM
#2
Lively Member
Hi,
You can save the sensitive info in your db, if you encrypt it before.
.NET provides good support for encryption and I think it is secure.
You can choose a random encryption key, store it somewhere in a secure way and limit the access to that key only to the programs you know will need to use it.
This is the way I do it, and it does work well.
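An added example, not part of the original thread or any poster's code: the approach described in this post (encrypt the number with a random key that is kept away from the database), sketched in Node.js with AES-256-GCM. The function names, the row layout and the use of the customer ID as associated data are assumptions made for the illustration.

```javascript
// Added example, not code from the thread. Uses only Node's built-in crypto.
const nodeCrypto = require('crypto');

// Assumption: the 32-byte key reaches the application from outside the database
// (key store, protected config), so a copy of the table alone is not enough.
function loadKey(hex) {
  const key = Buffer.from(hex || '', 'hex');
  if (key.length !== 32) throw new Error('need a 32-byte key as 64 hex chars');
  return key;
}

// Builds the row to store: ciphertext plus last four digits, never the plain number.
function encryptCard(key, customerId, pan) {
  const digits = String(pan).replace(/[\s-]/g, '');
  if (!/^\d{12,19}$/.test(digits)) throw new Error('not a card number');
  const iv = nodeCrypto.randomBytes(12);            // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(customerId)));   // ties the blob to this customer
  const ct = Buffer.concat([cipher.update(digits, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
  return { customerId, last4: digits.slice(-4), cardBlob: blob };
}

// Throws if the key is wrong, the blob was altered, or the blob was copied
// into another customer's row.
function decryptCard(key, row) {
  const raw = Buffer.from(row.cardBlob, 'base64');
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const ct = raw.subarray(28);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(String(row.customerId)));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample data: a throwaway key and a well-known test card number.
const demoKey = loadKey(nodeCrypto.randomBytes(32).toString('hex'));
const demoRow = encryptCard(demoKey, 1001, '4111 1111 1111 1111');
console.log(demoRow.last4, decryptCard(demoKey, demoRow) === '4111111111111111');
```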
-
Feb 9th, 2004, 10:55 AM
#3
Originally posted by svatasoiu
Hi,
You can save the sensitive info in your db, if you encrypt it before.
.NET provides good support for encryption and I think it is secure.
You can choose a random encryption key, store it somewhere in a secure way and limit the access to that key only to the programs you know will need to use it.
This is the way I do it, and it does work well.
Well, I am actually not going to be using .NET, just regular ASP for this site.
-
Feb 10th, 2004, 06:32 AM
#4
Fanatic Member
Can't you get an SSL certificate for your website? I think that does all the encryption for you between server and user??
-
Feb 10th, 2004, 11:10 AM
#5
I do have a 128-bit SSL cert installed. I am just worried about storing customers' CC numbers. I mean I can only assume that the SQL Server we have space on is secure, but we use a webhost, the server isn't here in my office, so it is hard to say who could have access to the information. That is why I don't feel safe storing customers' whole CC numbers in the DB.
I figure if the first half of the CC is in a cookie, and the second half is in the DB, then I could put them both together when the customer wanted to buy something.
I guess I could encrypt the CC number to store it in the DB, but any good hacker would probably be able to decrypt it anyway... I will have to look into valid encryption methods over ASP.