"Peter Beckman" <[EMAIL PROTECTED]> wrote in message
> So I'm thinking about how to save credit card numbers in the DB, for
> re-charging cards for subscriptions, new orders, etc.
> I'm also thinking about how to save passwords in the DB, not plaintext,
> not one-way encrypted either.
> Any suggestions? How would I secure the database? I'm thinking some
> abstract process in code, or something -- security through obscurity.
Suggestions? Oh, I've got some of them:
(1) Call VeriSign (just bought by PayPal)
(2) Do NOT store credit card numbers/dates/ccid's anywhere. (yes, that ends
in a PERIOD)
(2B) Obviously you will need to store the credit card data for a brief
while, so you can at least run the credit card. BUT, it shouldn't be stored
for any longer than a few hours (see #3 below).
(3) Using a service like VeriSign, when you get the credit card information,
run a charge of that card immediately (maybe a $1 handling charge). This
will give you a magic reference# assigned to that credit card data at the
service. VeriSign calls this a PNRef (I think). You can then use this
reference for all future charges to that same credit card.
(4) Make sure to get the billing zip code and street address for the credit
card. This reduces your cost per transaction.
(5) Did I mention to NOT store credit card numbers?
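
Added example, not part of the original post: a PHP sketch of the flow in (2) and (3), where the card number is handed to the processor once and only the returned reference is stored. `FakeGateway`, its methods, and the `billing` table are hypothetical stand-ins; this is not VeriSign's API, and the card data is constructed test data.

```php
<?php
// Hypothetical stand-in for a payment processor; NOT VeriSign's real API.
final class FakeGateway
{
    private array $vault = [];   // lives at the processor, never in our DB

    // First charge: card data goes in, an opaque reference comes back.
    public function chargeCard(string $pan, string $expiry, string $zip, int $cents): string
    {
        $ref = 'REF' . bin2hex(random_bytes(6));
        $this->vault[$ref] = [$pan, $expiry, $zip];
        return $ref;
    }

    // Later charges: only the reference is presented.
    public function chargeReference(string $ref, int $cents): bool
    {
        return isset($this->vault[$ref]);
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Deliberately no column for the card number, expiry date or CCID.
$db->exec('CREATE TABLE billing (customer_id INTEGER PRIMARY KEY, gateway_ref TEXT NOT NULL, last4 TEXT NOT NULL)');

function enrollCard(PDO $db, FakeGateway $gw, int $customerId, string $pan, string $expiry, string $zip): void
{
    $ref = $gw->chargeCard($pan, $expiry, $zip, 100);   // the $1 charge from step (3)
    $stmt = $db->prepare('INSERT INTO billing (customer_id, gateway_ref, last4) VALUES (?, ?, ?)');
    $stmt->execute([$customerId, $ref, substr($pan, -4)]);
    // $pan and $expiry go out of scope here without being written to the DB or a log.
}

function rebill(PDO $db, FakeGateway $gw, int $customerId, int $cents): bool
{
    $stmt = $db->prepare('SELECT gateway_ref FROM billing WHERE customer_id = ?');
    $stmt->execute([$customerId]);
    $ref = $stmt->fetchColumn();
    return $ref !== false && $gw->chargeReference($ref, $cents);
}

$gw = new FakeGateway();
enrollCard($db, $gw, 42, '4111111111111111', '12/30', '20001');   // constructed test card data
var_dump(rebill($db, $gw, 42, 1995));                              // renewal charged by reference only
var_dump($db->query('SELECT * FROM billing')->fetchAll(PDO::FETCH_ASSOC));
```

A dump of the `billing` table exposes only the reference and the last four digits, so a database compromise does not yield chargeable card numbers.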