This question is for people who take and store credit card information
for customers.

Credit card companies, in an attempt to lessen fraud, are tightening the
screws on merchants who take credit cards. One aspect of this is a
requirement to store credit card information from customers encrypted.

So let's say you have a customer whose credit card you keep on file,
because they'll be charging other items with you. The credit card
companies would like you to store this information with strong
encryption, which in their mind is one-way encryption.

Now let's say that the credit card number is part of the customer
record. When looking at the customer record, you see just the last four
digits of the card. But when editing the record or when printing out
reports of things which must be charged, you will see the whole number.
Assume the users of the system have logins and passwords.

Now if you one-way encrypt the credit card numbers in the customer
records, then it seems to me that any time that field has to be accessed
(to edit the record or charge something to the card), you'd have to have
the user enter a specific "password" to unlock the encryption. This
would be quite in addition to their username and password. Moreover for
this to be as secure as the credit card companies would like it,
whatever "password" is used would need to be changed frequently,
particularly at any change of personnel. This means you'd have to
re-encrypt all the credit card numbers using the new "password" every
few months or when you fire someone who had access to the data.

This seems like an excessively cumbersome solution. Is this seriously
the way it's done? Does anyone have a better solution?


Paul M. Foster

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to