1) If you're using MySQL, see the aes_encrypt and aes_decrypt functions
-- they'll do the industry standard encryption for you. PHP has similar
functions available as well. I imagine 1and1 has at least one of those
available.
2) Unless you're a cryptographer, I don't think they'd be convinced it's
up to industry standards, esp. since proven technologies are already
widely available.
3) I was under the impression that you were doing the transaction
real-time. If you're just storing the data to transact at a later time,
you'd have to do your transactions without the vcode, I reckon. The
vcode generally isn't required, but you'll usually get lower transaction
costs if you use it.
4) The great thing about having the standards is that if you do get
credit card data stolen from you, you can probably recover from it since
you have been following industry best practices. If you're hacked and
haven't been following the best practices, you're in for it.
Ben
Webot Graphics wrote:
1) If I plan to use 1and1.com for hosting, do they offer an encrypted db?
2) Can you make up some custom code?
example ---
real card
1234 5678 9012 3456
could be stored as
5678 1234 3456 9012
3) The pdf says you can't store the vcode anywhere, but how do you
keep it long enough for accounting to process it?
4) We had 1.22 million dollars in sales last year, so we fit the
"millions of dollars per year" category, and though we still act like
a small business (see website), we are reaching a point at which
security could become a real threat.
Justin Giboney
On Jun 13, 2007, at 4:55 PM, Ben Reece wrote:
https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf
_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
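An added example, not part of the original messages: PHP (7.1+ with the openssl extension assumed) contrasting the block-swap idea from the question with keyed, authenticated AES-256-GCM encryption of the card number. The function names and the base64(iv || tag || ciphertext) storage layout are assumptions made for this example.

```php
<?php
// Added example; function names and storage layout are assumptions.
// Block-swap idea from the question: reorder the four 4-digit groups.
function swap_blocks(string $pan): string {
    [$a, $b, $c, $d] = str_split(preg_replace('/\D/', '', $pan), 4);
    return "$b $a $d $c";
}

// Keyed, authenticated encryption. Returns base64(iv || tag || ciphertext).
function encrypt_pan(string $pan, string $key): string {
    $iv = random_bytes(12); // fresh nonce for every record
    $ct = openssl_encrypt($pan, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

function decrypt_pan(string $blob, string $key): string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed record');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $pan = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pan === false) {
        throw new RuntimeException('wrong key or modified record');
    }
    return $pan;
}

$pan = '1234 5678 9012 3456'; // sample number from the thread
$key = random_bytes(32);      // constructed demo key; keep real keys outside the code and the database

echo swap_blocks($pan), "\n";  // every digit is still present in the stored value
$stored = encrypt_pan($pan, $key);
echo $stored, "\n";            // opaque blob, different for each call
echo decrypt_pan($stored, $key), "\n";

// A record altered in storage fails the tag check instead of decrypting to garbage.
$raw = base64_decode($stored);
$raw[30] = chr(ord($raw[30]) ^ 1);
try {
    decrypt_pan(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The vcode has no field here on purpose, in line with the thread's point that the PDF does not allow storing it.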