Re: keeping credit card numbers safe?

From: Bill Unruh (unruh@string.physics.ubc.ca)
Date: 06/20/02

• Next message: Jem Berkes: "Re: Security software testers wanted"
• Previous message: Lachlan Ross: "Re: keeping credit card numbers safe?"
• In reply to: Lachlan Ross: "keeping credit card numbers safe?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: unruh@string.physics.ubc.ca (Bill Unruh)
Date: 19 Jun 2002 22:39:22 GMT

"Lachlan Ross" <lwross16@hotmail.com> writes:

]Hi all,

]I need to store creditcard numbers on my web server and need them to be
]protected some how. The reason I need to store them is because the service
]if for subscribers who get charged each month automatically. ie they enter
]the creditcard details at signup and then get billed each month
]automatically. The server is able to transmit the card numbers securly
]using to the payment gateway and from the users browser to the server using
]ssl but how do I store the numbaers on the machine safely.

]I thought of encrypting them but to decrypt them, the decryption key would
]need to be on the machine too which defeats the purpose. Any advice would
]be greatly appreciated as I am only learning in this are.

Well, encrypt them, and then have some person run the program which
sends out the billing and have that person enter the key. Of course that
person had better be trustworthy. Or you could store that key, and the
decryption engine on a separate computer which is not connected to the
web in any way, and is used only as your security engine, and to which
only that one program can send requests for the credit card number, and
get back the encrypted version. Or you could encrypt them with the same
procedure used by your payment gateway, and that way you never need to
decrypt them. (of course that has its own security problems).

Ie, security usually comes with some inconvenience.

---

• Next message: Jem Berkes: "Re: Security software testers wanted"
• Previous message: Lachlan Ross: "Re: keeping credit card numbers safe?"
• In reply to: Lachlan Ross: "keeping credit card numbers safe?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: keeping credit card numbers safe? ... > ssl but how do I store the numbaers on the machine safely. ... > I thought of encrypting them but to decrypt them, ... on the server in any program, script, or file. ... (comp.security.unix) Re: keeping credit card numbers safe? ... > ssl but how do I store the numbaers on the machine safely. ... > I thought of encrypting them but to decrypt them, ... on the server in any program, script, or file. ... (comp.security.unix) Re: keeping credit card numbers safe? ... ]I need to store creditcard numbers on my web server and need them to be ... The reason I need to store them is because the service ... The server is able to transmit the card numbers securly ... ]I thought of encrypting them but to decrypt them, ... (comp.security.misc) Re: keeping credit card numbers safe? ... Only keep the credit card numbers in a temporary "holding" area... ... > I need to store creditcard numbers on my web server and need them to be ... The reason I need to store them is because the ... The server is able to transmit the card numbers securly ... (comp.security.unix) Re: keeping credit card numbers safe? ... Only keep the credit card numbers in a temporary "holding" area... ... > I need to store creditcard numbers on my web server and need them to be ... The reason I need to store them is because the ... The server is able to transmit the card numbers securly ... (comp.security.unix)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.misc  > 2002-06