Really it depends on what you are using the credit cards for, if you are using them for e-commerce transactions, I suggest not storing them at all. Once the transaction is complete you will have the information from the bank directly. It does not bother a customer to have to type in their credit card number when they shop. You may consider encryption and the use of two tables to do it though. This ads a little confusement on the part of thiefs. IE: one table for the first set of numbers and another for the last four. And then give them unidentifiable names.
firstSetnumerics 1234-4565-5698- secondSetnumerics 4566 There are two major products that come out of Berkeley: LSD and [Unix] BSD. We don't believe this to be a coincidence. Doug Brown ----- Original Message ----- From: "Jeff Fongemie" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Sunday, January 27, 2002 7:17 AM Subject: Best way to store credit cards in database? > Sunday, January 27, 2002, 10:12:15 AM > Hello CF-Talk, > > I've got a simple site, and uses a small Access database. We will be > taking credit cards. > > Wondering what others consider a realistic practice to ensure > security to a reasonable level. What do others do? > > The site will have a SLL, but I'm thinking along the lines of > encrypting the card number. However, I know how unsecure ColdFusions > encryption is, so why bother? > > If people do somehow encrypt the card number, would you be willing > to give examples? And I guess I'll need a way to unencrypt the > numbers in an admin area. > > I've seen where a site will store half of the number, and the second > half gets sent by email to the shop owners. Then the shop owners > need to go in and match up the numbers. > > Thanks for any advice, recommendations on this. > > > Best regards, > Jeff Fongemie mailto:[EMAIL PROTECTED] > ______________________________________________________________________ Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation � $99/Month � Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusiona FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
