[kwlug-disc] [OT] voip fax/email to fax/ ccards

John Van Ostrand john at netdirect.ca
Mon Mar 22 14:08:19 EDT 2010

----- "Bob Jonkman" <bjonkman at sobac.com> wrote:
> Why decrypt the number before storing it in the database?  Wouldn't 
> storing the encrypted number protect against things like stolen 
> databases, or lost backups of databases?  Any application with 
> legitimate need to access the credit card number should be a holder of
> the decryption key.

Good point. Although the email would have to be decrypted to get the number, it could be held encrypted in the database to thwart hackers.

> In most cases where the transaction is processed immediately, why
> store the number at all?  For the customer's own protection, require them to
> enter a credit card number for every session.  Your application needs
> it just long enough to extract their money, then the credit card number
> is no longer needed.  Doesn't work for Glenn's offline issue, tho.

I suspect that Glen needs to use the card in the future without the interactivity of the card holder. He sells insurance, not retail consumer goods.

