Richard, I highly advise against storing credit card information in your database, if you can help it. It's a liability issue for you and/or your client.
If you're using a payment processor, they can handle that for you once you've transmitted the card data. Both Verisign and Authorize.net can handle repeat customers and will store their processing information for you.

That being said, if you have to do it, my suggestion would be to use two-key encryption to encrypt and decrypt the data as it is added or accessed. Something like this:

<cfscript>
    // key1 is shared by all records; key2 is unique to the customer
    key1 = myUniversalKey;
    key2 = customerSpecificKey;
    // encrypt() with AES expects a Base64-encoded key, so convert the
    // hex digest from hash() (MD5 by default, 128 bits) to Base64
    theKey = toBase64(binaryDecode(hash(key1 & key2), "hex"));
    algorithm = "AES";
    cardStored = encrypt(ccNumber, theKey, algorithm);
    doSomething(cardStored);
</cfscript>

You can use the same method to decrypt the string as long as the keys are accessible (and can never be changed).

As far as e-mails go, it would be best not to include that data in an e-mail.

Jon

On Sep 25, 2006, at 12:26 PM, Richard Cooper wrote:
> Hi,
>
> With a site that has an SSL and a form, what is the best way to get
> the credit card details from this form to the right person?
>
> I'm a little concerned about storing credit card details in a
> database and sending un-encrypted emails.
>
> What methods do other people use?
>
>
> R

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254055
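
The two-key approach from the reply above, as an added example that is not part of the original message: it round-trips a card number and shows how a stored record is re-encrypted when the universal key has to change. The helper names (deriveKey, sealCard, openCard, rotateCard) and all key values are hypothetical and constructed, and it uses SHA-256 with "AES/CBC/PKCS5Padding" and a per-record IV rather than the reply's plain "AES".

```cfml
<cfscript>
// Constructed sample values. In practice the universal key lives outside
// the database and the customer key is a per-customer secret.
oldUniversalKey = "constructed-universal-key-v1";
newUniversalKey = "constructed-universal-key-v2";
customerKey     = "constructed-customer-secret-1042";
ccNumber        = "4111111111111111"; // widely published test card number

// Hypothetical helper: 128-bit AES key from both parts, Base64-encoded.
// The "|" keeps ("ab","c") and ("a","bc") from deriving the same key.
function deriveKey(key1, key2) {
    var digest = hash(key1 & "|" & key2, "SHA-256");
    return toBase64(binaryDecode(left(digest, 32), "hex"));
}

// Hypothetical helper: encrypt with a fresh random IV for every record,
// and keep the IV next to the ciphertext so it can be decrypted later.
function sealCard(plain, key1, key2) {
    var rec = structNew();
    rec.iv   = generateSecretKey("AES"); // 16 random bytes, Base64
    rec.data = encrypt(plain, deriveKey(key1, key2), "AES/CBC/PKCS5Padding",
                       "Base64", binaryDecode(rec.iv, "Base64"));
    return rec;
}

// Hypothetical helper: decrypt a record produced by sealCard().
function openCard(rec, key1, key2) {
    return decrypt(rec.data, deriveKey(key1, key2), "AES/CBC/PKCS5Padding",
                   "Base64", binaryDecode(rec.iv, "Base64"));
}

// Changing a key: decrypt under the old pair, re-encrypt under the new one.
function rotateCard(rec, oldKey1, newKey1, key2) {
    return sealCard(openCard(rec, oldKey1, key2), newKey1, key2);
}

stored  = sealCard(ccNumber, oldUniversalKey, customerKey);
rotated = rotateCard(stored, oldUniversalKey, newUniversalKey, customerKey);

writeOutput("round trip ok: "
    & (openCard(stored, oldUniversalKey, customerKey) eq ccNumber) & "<br>");
writeOutput("readable after rotation: "
    & (openCard(rotated, newUniversalKey, customerKey) eq ccNumber));
</cfscript>
```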

