Thread: Storing Credit Cards Online
03-02-2004, 12:24 PM #1 Web Hosting Master
Join Date: Dec 2002
Storing Credit Cards Online
I have been reading extensively on this topic, and my knee-jerk reaction to this thought has always been: Don't do it, for the love of God!!!!!
I would ask those reading this to temporarily set that aside, and instead ask: How could it be done? I am not really interested in the reasons WHY, just from a HOW perspective. I use the example of credit cards, but we can extrapolate that to ANY sensitive data.
It seems to me that this shouldn't be so hard. Is it not possible to use public key encryption (2048-bit) to encode this sensitive information before it is stored in a MySQL database?
This way, only the private keyholder, who would never ever store his key on the server, could access this information. It would naturally be a requirement to use SSL to submit the password (private key) for verification and subsequently revealing the sensitive data.
A potential issue is that someone could read your php scripts to obtain database login/password used to insert the data. I do not see this as a big issue because:
1) Encode your PHP DB script - ionCube, Zend, etc.
2) Even *if* they can get the encrypted CC details - so what? They would have to brute-force the password, and trying to brute-force a 2048-bit key with a strong MD5-hashed passcode would take eons.
*I am NOT advocating storing sensitive data on a shared server, as that would be in direct violation of CISP rules, etc. I am simply being devil's advocate here.
Seen in this light, one could argue that even if someone managed to root the box, the data should be reasonably safe.
Now for the kicker. This setup will preclude you from doing automated billing, as rule #1 says we cannot store the private key on the server (might as well be plaintext otherwise). How does billing software like ModernBill, etc. securely get around this?
Or, am I making an assumption that automated recurring billing is secure using modernbill, etc?
I haven't come across great information on this topic recently, and it seems nobody wants to step out and say WHY NOT instead of DON'T DO THAT, so I hope this stimulates some discussion.

"The only difference between a poor person and a rich person is what they do in their spare time."
"If youth is wasted on the young, then retirement is wasted on the old"
03-02-2004, 02:42 PM #2 Aspiring Evangelist
Join Date: Mar 2003
Be very careful as to what your merchant account/credit card companies say about this practice. Many explicitly do not allow the storing of account information on your servers; that's why Authorize.net is there :-)
I also have a feeling that they may try and make you financially responsible if anything happened to those account numbers.
But, other than that I don't see a problem with the system you mentioned above, except for the overall pain in managing your keys.
MD5 is pretty much useless, as you can only do comparison matching on the encrypted data (determining if two encrypted strings are the same); hashing the card # would leave the hash key available somewhere on the system.
Overall, I think there is just too much risk for little gain.
Peter

The Maag Group - Intelligent IT Solutions
• Colocation • Dedicated Servers • Server Administration •
www.maaggroup.com • 877.622.4477
03-02-2004, 03:18 PM #3 Junior Guru
Join Date: Sep 2003
Location: London, UK
Hi, not much to add to this but I know it's done by shared secure hosting companies. One little script I did was for www.airwalker.tv
The form is posted to an automated form processor which stores the details on the server, and an email is sent to the site's admin informing them of an order; they then pick up the details from the server via some https pages.
The service they use, http://www.secure-website.com, has nothing on their pages, but I think they are part of a larger hosting company.
03-03-2004, 04:25 AM #4 Web Hosting Master
Join Date: Aug 2000
Location: Sheffield, South Yorks
You should take a look at how HSphere 2.4 does it:
PKI: the private key is stored in secure memory (never written to disk), and the daemon will run with or without the key. If you don't supply the key on startup then it won't do billing, but customers can still sign up; if you start it with the key then it stores it securely in RAM (à la GPG) so it is not written to disk as swap and can't be gotten at (barring any OS bugs).

Karl Austin :: KDA Web Services Ltd.
UK Business Hosting and Managed Servers - Hosting for Business Users :: 0800 5429 764
Call us today and ask about our hosting solutions.
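To make both of the designs in this thread concrete, here is an added example (not code from the thread, from HSphere, ModernBill or any other billing product): post #1's scheme of encrypting each card record under an RSA public key on the web server while only an offline holder of the passphrase-wrapped private key can decrypt it, and post #4's daemon that starts with or without the key and only bills when it has it. It uses the openssl command line; the file names, the passphrase, the card record and the "billing_daemon" function are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the thread's or any product's code. Walks through:
#  - post #1: RSA public-key encryption on the server, private key held offline
#  - post #4: a billing daemon that runs with or without the key
# All paths, the passphrase and the card record are constructed for the demo.
set -eu
WORK="${WORK:-$(mktemp -d)}"

# Trusted, offline machine: generate a 2048-bit RSA pair. The private key is
# wrapped under a passphrase with AES-256 and the unwrapped copy is destroyed;
# only public.pem is ever copied to the web server.
make_keys() {   # $1 = passphrase protecting the private key
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/private.pem" 2>/dev/null
  openssl pkey -in "$WORK/private.pem" -aes256 \
    -passout "pass:$1" -out "$WORK/private_enc.pem"
  openssl pkey -in "$WORK/private.pem" -pubout -out "$WORK/public.pem"
  rm -f "$WORK/private.pem"
}

# Web server: the form handler holds only public.pem. It encrypts the record
# with RSA-OAEP and base64-encodes the result for storage in a MySQL column.
# A 2048-bit key with SHA-1 OAEP fits at most 214 bytes per message, enough
# for one card record; anything larger would need a hybrid (RSA-wrapped AES).
server_encrypt() {   # $1 = plaintext record
  printf '%s' "$1" | openssl pkeyutl -encrypt -pubin -inkey "$WORK/public.pem" \
    -pkeyopt rsa_padding_mode:oaep | openssl base64 -A
}

# Whoever holds the wrapped private key AND its passphrase recovers the record.
decrypt_record() {   # $1 = base64 ciphertext, $2 = passphrase
  printf '%s' "$1" | openssl base64 -d -A | openssl pkeyutl -decrypt \
    -inkey "$WORK/private_enc.pem" -passin "pass:$2" \
    -pkeyopt rsa_padding_mode:oaep
}

# Someone who has rooted the server has public.pem and the ciphertext but no
# private key: decryption fails and the function reports "locked".
server_try_decrypt() {   # $1 = base64 ciphertext
  if printf '%s' "$1" | openssl base64 -d -A | openssl pkeyutl -decrypt \
      -inkey "$WORK/public.pem" -pkeyopt rsa_padding_mode:oaep >/dev/null 2>&1
  then echo decrypted; else echo locked; fi
}

# Post #4's pattern: the daemon is started with or without the passphrase.
# Without it, sign-ups (encryption) still work but billing is refused; with
# it, the passphrase exists only in this process's memory and is used to
# decrypt. A real daemon would also mlock() the key and disable core dumps,
# guarantees a shell script cannot give.
billing_daemon() {   # $1 = ciphertext to bill, $2 = passphrase or ""
  if [ -z "$2" ]; then
    echo "signup-only mode: cannot bill"
  else
    echo "billing: $(decrypt_record "$1" "$2")"
  fi
}
```

Run `make_keys` once on the trusted machine, copy only `public.pem` to the server, and call `server_encrypt` from the form handler; `decrypt_record` and `billing_daemon` only succeed where the wrapped private key and its passphrase are both present, and a wrong passphrase or the public key alone fails outright. The OAEP padding mode matters: PKCS#1 v1.5 encryption with RSA is vulnerable to padding-oracle attacks if a decrypting service ever leaks whether padding was valid.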
03-03-2004, 03:27 PM #5
Asking this forum how to store credit cards online is like asking your doctor where you can buy some designer drugs