Hi Josh, I've seen a directive from American Express that any stored credit card numbers must be encrypted with a minimum of Triple DES. Sorry that doesn't help you with telling them *not* to store them I guess...
Our company wrote (and uses) a CFX tag that does asymmetric RSA encryption on credit card numbers for subscription-based sites, so that a human operator has to be at the keyboard with the private key to decrypt and process payments - with batching and online clearing gateways it's not such a nightmare as it sounds :) Kay. -----Original Message----- From: Josh Carrico [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 23 April 2002 11:29 PM To: [EMAIL PROTECTED] Subject: offTopic: Saving Credit Card Info Sorry for the Extremely off topic question... But, would anyone happen to know any good resources for proving a point to my employer that we shouldn't Store Credit Card information? Apparently Verisign's word to the wise that "credit card numbers (If they must be stored) should be stored encrypted (It is best not to store credit card numbers at all)" AND all the cases of Hackers stealing credit card numbers just doesn't phase them. Thanks in advance. Josh Carrico ==^================================================================ This email was sent to: [email protected] EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
