Oops. Didn't see Alan's response before I sent mine. In that case: "Ditto." :-)
- Jon

On Sep 25, 2006, at 12:49 PM, Alan Rother wrote:

> Ideally you should use an online Credit Card Processor such as
> Authorize.net, in this case you do not need to store or send the CC
> details to anyone.
>
> However, as is so often the case, the customer is not willing to spend
> the money to use such a service. Given that scenario, you should NEVER
> SEND A CC NUMBER IN AN EMAIL!
>
> Instead store it in a database using an extremely strong encryption
> technology such as blowfish. If you have CFMX 7 then blowfish is one of
> the included encryption tools, if not I believe there is a tag you can
> buy.
>
> Encrypt the CC info in your database, make sure it is absolutely
> inaccessible from the outside world and run SSL on the front end and
> admin areas of your website. I would also include a process somewhere in
> your system for deleting old CC numbers after a reasonable period of
> time. This limits your liability if anything happens to your database.
>
> Also, this is important, try as hard as possible to convince your
> client/boss that storing CC numbers in your own database is a really bad
> idea and can open you up to all sorts of legal action if your data is
> compromised.
>
> HTH
>
> =]
>
> --
> Alan Rother
> Macromedia Certified Advanced ColdFusion MX 7 Developer

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254057
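
The storage and purge steps from the quoted advice, sketched in CFML as an added example (not code from either poster). It assumes CFMX 7's `Encrypt()` with the Blowfish algorithm, a hypothetical datasource `shopDSN` and table `customer_cards`, a key in `application.cardKey` that is loaded from a location outside the database and web root, and a 90-day retention window chosen only for illustration.

```cfml
<!--- Added example. Hypothetical names: datasource shopDSN,
      table customer_cards (customer_id, card_enc, created_at). --->

<!--- Key generation is a one-time step, run separately:
      GenerateSecretKey("BLOWFISH") returns a Base64 key string.
      Assumption: that key is stored outside the database and web root
      and loaded into application.cardKey at application start. --->

<cffunction name="storeCard" returntype="void" output="false">
    <cfargument name="customerId" type="numeric" required="true">
    <cfargument name="cardNumber" type="string" required="true">
    <!--- Strip spaces and dashes so only digits are encrypted --->
    <cfset var digits = REReplace(arguments.cardNumber, "[^0-9]", "", "all")>
    <cfset var enc = "">
    <cfif Len(digits) LT 13 OR Len(digits) GT 19>
        <cfthrow type="Card.Invalid" message="Card number has an unexpected length.">
    </cfif>
    <!--- Only ciphertext reaches the database; the plaintext is never logged or mailed --->
    <cfset enc = Encrypt(digits, application.cardKey, "BLOWFISH", "Base64")>
    <cfquery datasource="shopDSN">
        INSERT INTO customer_cards (customer_id, card_enc, created_at)
        VALUES (
            <cfqueryparam value="#arguments.customerId#" cfsqltype="cf_sql_integer">,
            <cfqueryparam value="#enc#" cfsqltype="cf_sql_varchar">,
            <cfqueryparam value="#Now()#" cfsqltype="cf_sql_timestamp">
        )
    </cfquery>
</cffunction>

<!--- Retention purge: run from a scheduled task so old numbers do not accumulate --->
<cffunction name="purgeOldCards" returntype="void" output="false">
    <cfargument name="retentionDays" type="numeric" default="90">
    <cfset var cutoff = DateAdd("d", -arguments.retentionDays, Now())>
    <cfquery datasource="shopDSN">
        DELETE FROM customer_cards
        WHERE created_at < <cfqueryparam value="#cutoff#" cfsqltype="cf_sql_timestamp">
    </cfquery>
</cffunction>
```

If the key sits in the same database as `card_enc`, a database compromise exposes both, so the encryption only helps when the key is held separately.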

