Quote Originally Posted by nemaroller
I have to implement a credit card processing on a furniture site soon... but thankfully, there is no need to rebill the customer. All transactions will be live - and they will be required to re-fill their cc info every transaction. But that's a furniture store where people don't normally buy more than one thing a year.

So all I need to do really is just store perhaps the last 3 digits of their cc number - although I wonder if the last three digits are the most identifying part of the number or not... ?
The starting digits are common for each company; they use a set. This is how CC Gen programs work. I don't remember the sets right now, but look at your Visa: does it start with 4668?

Hellswraith is right though, I've had people ask me many times to just throw around cc info and turned down the job for that reason.

There is a lot to think about. If your SQL Server resides on a separate server, has it been moved off the default port? If it's on the same server, have you closed the port? Are your logs on? Are you tracking the IP of the request? (You know which coffee shop, college, or library the hacker was at? Did he reroute his IP 36 or 37 times?) Are you sending a verify request to an e-mail address? Use an SSL.

Even better, use an SSL, frames and an ISAPI component. Ever seen a site with a URL of https://url.com/secure/cart.dll?orde...d&prod_id=guid

It's a lot of work.

Hellswraith, the URL rewrite would cover a DLL like this without the ISAPI.

Can you set a SELECT Trigger in SQL Server?