> This is all fine, but as this is a hotel > reservation system, there > are a lot of cancellations etc and what we want is for our > client to be able > to handle the refunds via the back-office screens directly, > without logging > on to other screens, thus keeping full integrity of data. I > thought this was > possible without the merchant retaining the credit card > details, as the > transaction id from the payment could be used to facilitate > the refund, but > if I'm wrong on this then please let me know.
Kevin, using Camtech, the merchant needs to have the credit card details in order to process the refund. I don't know if what you want to do is possible with any other online payments system. However, the CardCrypt product that I hinted at before *would* solve your problem. It uses a public-private key system using the RSA algorithm. Essentially, you would capture the credit card details and encrypt them using the public key. In order to decrypt the credit card details (to process a refund for example), an administrator enters their private key into their backend system and then initialises the transaction. The private key is kept absolutely secure and NEVER stored online, which is why it's a good method for subscription systems or refunds, where manual intervention of an administrator is required to decrypt. You can use 512, 1024 or 2048 bit keys and as long as your administrator keeps their private key offline and safe, it's completely secure. If you'd like more info, email me offlist. Cheers, K. --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004
