Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- storing credit card details
- Wayne Evans
March 2, 2005, 4:10 am
rate this thread
idea, but what is the genral opinion on the method described below?
1. Store cc details encrypted in database. Encryption key "randomly"
2. The randomly generated encryption key is sent to the user but NOT
stored in database.
3. User accesses the order using the encryption key sent to him.
4. Order/cc details deleted from database.
This way the cc details are only on the system for a short length of
I guess the flaw is the email?
Any opinions gratefully recieved!
Re: storing credit card details
: I know storing credit card details in a MySQL database is a really bad
: idea, but what is the genral opinion on the method described below?
: 1. Store cc details encrypted in database. Encryption key "randomly"
: 2. The randomly generated encryption key is sent to the user but NOT
: stored in database.
why? they already have the card number. they dont need a 2nd copy
encrypted or not and they don't need a key for the card number. What
do need is a non guessable key to get order status.
Do you have any legit reason to store card numbers? Also Visa
considers the expire date to be as sensitve as the card number so
you need to encrypt it to (or just don't store any of it)