[kwlug-disc] [OT] voip fax/email to fax/ ccards

John Van Ostrand john at netdirect.ca
Mon Mar 22 14:08:19 EDT 2010

----- "Bob Jonkman" <bjonkman at sobac.com> wrote:
> Why decrypt the number before storing it in the database?  Wouldn't 
> storing the encrypted number protect against things like stolen 
> databases, or lost backups of databases?  Any application with 
> legitimate need to access the credit card number should be a holder of
> the decryption key.

Good point. Although the email would have be decrypted to get the number, it could be held encrypted in the database to thwart hackers.

> In most cases where the transaction is processed immediately, why
> store the number at all?  For the customer's own protection, require them to
> > enter a credit card number for every session.  Your application needs
> it just long enough to extract their money, then the credit card number
> is no longer needed.  Doesn't work for Glenn's offline issue, tho.

I suspect that Glen needs to use the card in the future without the interactivity of the card holder. He sells insurance, not retail consumer goods.

More information about the kwlug-disc mailing list