[kwlug-disc] [OT] voip fax/email to fax/ ccards
Adam Glauser
adamglauser at gmail.com
Mon Mar 22 14:22:53 EDT 2010
John Van Ostrand wrote:
> ----- "Bob Jonkman" <bjonkman at sobac.com> wrote:
>> Why decrypt the number before storing it in the database? Wouldn't
>> storing the encrypted number protect against things like stolen
>> databases, or lost backups of databases? Any application with
>> legitimate need to access the credit card number should be a holder of
>> the decryption key.
>
> Good point. Although the email would have be decrypted to get the number, it could be held encrypted in the database to thwart hackers.
This may even be required by the card issuers. I don't know to what
extent this applies in Canada, or to smaller businesses, but there was
frequent mention of PCI (Payment Card Industry) rules in the IBM
Midrange forums I used to frequent.
My understanding is that they may revoke your card processing privileges
if certain standards of security are not followed.
More information about the kwlug-disc
mailing list