"Peter Beckman" <[EMAIL PROTECTED]> wrote in message 
> So I'm thinking about how to save credit card numbers in the DB, for
> re-charging cards for subscriptions, new orders, etc.
> I'm also thinking about how to save passwords in the DB, not plaintext, but
> not one-way encrypted either.
> Any suggestions?  How would I secure the database?  I'm thinking some
> abstract process in code, or something -- security through obscurity.

Suggestions?  Oh, I've got some of them:

(1) Call VeriSign (just bought by PayPal)
(2) Do NOT store credit card numbers/dates/ccid's anywhere.  (yes, that ends 
in a PERIOD)
(2B) Obviously you will need to store the credit card data for a brief 
while, so you can at least run the credit card.  BUT, it shouldn't be stored 
for any longer than a few hours (See #3 below)
(3) Using a service like VeriSign, when you get the credit card information, 
run a charge of that card immediately (maybe a $1 handling charge).  This 
will give you a magic reference# assigned to that credit card data at the 
service.  VeriSign calls this a PNRef (I think).  You can then use this 
reference for all future charges to that same credit card.
(4) Make sure to get the billing zip code and street address for the credit 
card.  This reduces your cost per transaction.
(5) Did I mention to NOT store credit card numbers?


PHP Database Mailing List (http://www.php.net/)
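
Added example, not part of the original post: points (2) and (3) above in PHP, with a database that keeps only the gateway's reference and has no column for card data. MockGateway and its methods, the billing table and the sample values are hypothetical stand-ins (no real gateway's API is shown), and the pdo_sqlite extension is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a payment gateway client; a real gateway's API will differ.
final class MockGateway
{
    private array $vault = [];   // card data is held on the gateway side only

    // First charge: accepts card data once and returns an opaque reference.
    public function sale(array $card, int $cents): string
    {
        $ref = 'REF' . strtoupper(bin2hex(random_bytes(6)));
        $this->vault[$ref] = $card;
        return $ref;
    }

    // Later charges: the reference is the only input besides the amount.
    public function referenceSale(string $ref, int $cents): bool
    {
        return isset($this->vault[$ref]);
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The schema has nowhere to put a card number, expiry date or security code.
$db->exec('CREATE TABLE billing (customer_id INTEGER PRIMARY KEY, gateway_ref TEXT NOT NULL)');

function enroll(PDO $db, MockGateway $gw, int $customerId, array $card): void
{
    $ref = $gw->sale($card, 100);   // immediate $1 charge, as in point (3)
    $stmt = $db->prepare('INSERT INTO billing (customer_id, gateway_ref) VALUES (?, ?)');
    $stmt->execute([$customerId, $ref]);
    // $card is never written to the database, a file or a log.
}

function rebill(PDO $db, MockGateway $gw, int $customerId, int $cents): bool
{
    $stmt = $db->prepare('SELECT gateway_ref FROM billing WHERE customer_id = ?');
    $stmt->execute([$customerId]);
    $ref = $stmt->fetchColumn();
    return $ref !== false && $gw->referenceSale((string) $ref, $cents);
}

// Constructed sample input: a widely used test number, not a real card.
$card = ['pan' => '4111111111111111', 'expiry' => '12/30', 'zip' => '00000', 'street' => '1 Example St'];
$gw = new MockGateway();
enroll($db, $gw, 42, $card);
var_dump(rebill($db, $gw, 42, 1999));   // renewal for an enrolled customer
var_dump(rebill($db, $gw, 7, 1999));    // customer with no stored reference
```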