If anyone else is like me...
As an internet consumer, I will only patronize businesses that DO NOT
store
CC information.
My 2 cents - if there's an option, don't store them. Too much
liability,
too much risk.
:)
EC
-----Original Message-----
From: Michael Ross [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 1:40 PM
To: CF-Talk
Subject: Re: Best way to store credit cards in database?
Store everything but the number and communicate with the users why yo
u are not storing them. Asking them to retype everything is a pain b
ut just the CC, na, I don't think you would here anyone complain, the
y would probably like that...
>>> [EMAIL PROTECTED] 01/28/02 12:48PM >>>
What about return visitors that want to store their CC number? MD5 h
ash on
the number? then store it in the database?
At 11:56 AM 1/28/2002 -0500, you wrote:
>here here, all we keep are the last 4 numbers.....let the banks worr
y
>...
>
> >>> [EMAIL PROTECTED] 01/27/02 07:00PM >>>
>Don't store the credit card numbers at all. Just process the transa
c
>tion
>immediately and store the rest of the order information.
>
>
>
>----- Original Message -----
>From: "Jeff Fongemie" <[EMAIL PROTECTED]>
>To: "CF-Talk" <[EMAIL PROTECTED]>
>Sent: Sunday, January 27, 2002 7:17 AM
>Subject: Best way to store credit cards in database?
>
>
> > Sunday, January 27, 2002, 10:12:15 AM
> > Hello CF-Talk,
> >
> > I've got a simple site, and uses a small Access database. We wi
ll
> be
> > taking credit cards.
> >
> > Wondering what others consider a realistic practice to ensure
> > security to a reasonable level. What do others do?
> >
> > The site will have a SLL, but I'm thinking along the lines of
> > encrypting the card number. However, I know how unsecure ColdFu
si
>ons
> > encryption is, so why bother?
> >
> > If people do somehow encrypt the card number, would you be will
in
>g
> > to give examples? And I guess I'll need a way to unencrypt the
> > numbers in an admin area.
> >
> > I've seen where a site will store half of the number, and the s
ec
>ond
> > half gets sent by email to the shop owners. Then the shop owner
s
> > need to go in and match up the numbers.
> >
> > Thanks for any advice, recommendations on this.
> >
> >
> > Best regards,
> > Jeff Fongemie mailto:[EMAIL PROTECTED]
>
> >
>____________________________________________________________________
_
>_
>Why Share?
> Dedicated Win 2000 Server � PIII 800 / 256 MB RAM / 40 GB HD /
20
> GB MO/XFER
> Instant Activation � $99/Month � Free Setup
> http://www.pennyhost.com/redirect.cfm?adcode=coldfusionc
>FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
>Archives: http://www.mail-archive.com/[email protected]/
>Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
>
>
>
_____________________________________________________________________
_
Why Share?
Dedicated Win 2000 Server � PIII 800 / 256 MB RAM / 40 GB HD / 20
GB MO/XFER
Instant Activation � $99/Month � Free Setup
http://www.pennyhost.com/redirect.cfm?adcode=coldfusionc
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
______________________________________________________________________
Dedicated Windows 2000 Server
PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER
Instant Activation � $99/Month � Free Setup
http://www.pennyhost.com/redirect.cfm?adcode=coldfusiona
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
