Heh heh.  I had something like that going at my last job.  I think I spent
20 hours making an elaborate scheme like that - by the time they were done
paying for the coding I had done, they could have paid for a
fully-functioning gateway twice over.  Oh well, clients will be clients, and
no matter what you tell them, they are going to do what they want.  Big
props for you getting them to sign off on the liability issue.  That's huge.

Security by obscurity!

On 6/6/07, Les Mizzell <[EMAIL PROTECTED]> wrote:
>
> Matt Robertson wrote:
> > The robot has it right.  You should only be transmitting cc info via a
> > secure gateway to a cc processor,
>
> Agreed....
>
> I've got one client that INSISTS on processing their web CC payments
> themselves. The only thing I could come up with that made me comfortable:
>
> 1. I've got a signed statement from them saying I'm not liable for
> anything that may happen due to their wicked ways!
>
> 2. The card number is split into 6 segments
>   a. 3 of which are encrypted and stored in a database
>   b. Expiry month is encrypted and stored in a database
>   c. other 3 segments are emailed to them
>   d. expiry year is emailed to them.
>
> They have to log into their admin system to retrieve the missing 1/2 of
> the CC info. As soon as they access it, it's automatically erased and
> replaced with random numbers, also encrypted.
>
> I figure if anybody breaks into the system, and finds CC1 through CC6
> fields in the database, 1/2 of which is real numbers and 1/2 which is
> fake, and all of it is fake after less than 24 hours and all is
> encrypted - even if they broke the encryption they'd still only have
> half of the needed info and no idea of which half they had...
>
> It's convoluted, but it's about as secure as I could figure out how to
> do and still meet their request. Won't do it again for anybody else
> though.
>
> 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:280372