Lamont Peterson wrote:
On Wednesday 13 June 2007 01:35am, Brandon Stout wrote:
Orson Jones wrote:
https is perfectly fine. The thing that worries, is what happens after it
hits the server. (is it stored in an unencrypted format, is it stored
longer than necessary, is it transmitted elsewhere securely? etc.)
Orson
I agree. However, if encrypted properly in the database, is there a
"longer than necessary"? Once on their server, perhaps it's less secure
to have to request the card number again than to keep the number
encrypted on the server.
Remember, there is no such thing as being secure. It's all just trade-offs
and risk management. So, for each application, one has to decide if the
trade-offs are better one way or the other. It might well be better for one
application to keep the encrypted card numbers in the DB but not worth it for
another to have to deal with those encryption keys.
As far as credit cards are concerned, the payment card industry (PCI)
has very specific ideas about what is secure. If you're interested you
can take a look at
https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf -- it's a
pretty comprehensive take on the whole thing. I bring it up because one
of their requirements is that card numbers must be "protected" (read:
encrypted) anywhere they're stored electronically.
The PCI people (Visa, etc.) will revoke your ability to accept credit
cards if they audit you and find you wanting, though they tend to audit
only larger volume businesses (millions of dollars per year).
-Ben
_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
