You can also remove the CC numbers from the database. We don't process a huge amount of CC's, so we just run some SQL to set all but the last four digits to 'x' after having copied the good cc numbers to a floppy. The floppies go to a locked managers office. That way the numbers aren't even on the network. We don't do it every day, but once a week or so--enough that there aren't very many CC number sitting in the db.
One suggestion: write a stored procedure that writes the CC numbers out to disk, then run GnuPG on the file, and then set all but the last four CC digits to 'x'. You could do it with a chron job, or use a scheduled task in CF. I think that would work for you. One note: cfencrypt(), AFAIK, has been cracked. I'm not sure if that's true of recent versions of CF, though. Jeff Polaski Webmaster Research & Graduate Studies University California, Irvine -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 29, 2001 9:43 AM To: CF-Talk Subject: Credit Card Encryption Does anyone have any insight on encrypting data into a Table? A client is asking about storing CC numbers and I want to see what level of protection we can provide. TIA! Hatton ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists