Proper way to store CC

Studio64 · #1 09-05-2002, 12:31 AM

I'm designing a web based order form for a company.

They don't want to take CC's directly online. They want to have the CC's stored in the DB and verify the orders then proccess them through their CC machine in store.

What would be the proper way to store them online?

What's a good cyrpto function to use that would be acceptable for this application?

cperciva · #2 09-05-2002, 12:48 AM

RSA, 1024 bits, sent to them via email and stored on the machine (in case the email gets lost).

If you're lazy, use GPG; otherwise, write your own implementation.

Ahmad · #3 09-06-2002, 01:11 PM

There is also an EXPERIMENTAL OpenSSL module for PHP:
http://www.php.net/manual/en/ref.openssl.php

JustinH · #4 09-06-2002, 06:09 PM

I would store it in the DB using the method mentioned above (RSA) as long as it is NOT on a multi-user machine (e.g. better be dedicated). I would then email the store owner when they get an order and have a secure backend to login to and view credit cards that need to be processed.

I would avoid sending ANY private information via email.

getweb · #5 09-07-2002, 02:52 PM

Yup, agree with comphosting. When I build ecommerce sites for customers I do the same thing, just send a notification that "you have an order", and then have them securely log in through an SSL page that actually shows the credit card data. One thing I wanted to add though, I have an extra button that, once they've processed the order, overwrites the credit card information with zeros... no sense storing it. Don't forget - if the server can display the number, then the key is somewhere on the server; someone who hacks root or at least ability to read scripts can gain access to the encrypted data, and the key to unencrypt it.

I wish there was an easy solution for recurring transactions, short of putting them on a floppy on a workstation and keeping the floppy in a safe.

cperciva · #6 09-07-2002, 02:59 PM

Quote:

Originally posted by getweb
Don't forget - if the server can display the number, then the key is somewhere on the server; someone who hacks root or at least ability to read scripts can gain access to the encrypted data, and the key to unencrypt it.

That's why the server should RSA encrypt the sensitive data with a key which is only held by you. With RSA, it is possible to encrypt data on the server but have the server unable to decrypt it; if you're going to be processing the credit card numbers offline, there is no reason for the server to be able to access those numbers.

ChickenSteak · #7 09-07-2002, 03:24 PM

Write, your own blowfish algorithm. That way it can be encrypted on the server side, but decrypted on the client side. This would be the best way to take on this situation in my opinion.

cperciva · #8 09-07-2002, 03:31 PM

Quote:

Originally posted by ChickenSteak
Write, your own blowfish algorithm. That way it can be encrypted on the server side, but decrypted on the client side. This would be the best way to take on this situation in my opinion.

Blowfish is symmetric. If you can encrypt it on the server, you can decrypt it on the server.

You want something asymmetric, like RSA or el gamal.

ChickenSteak · #9 09-07-2002, 03:33 PM

Quote:

Originally posted by cperciva

Blowfish is symmetric. If you can encrypt it on the server, you can decrypt it on the server.

You want something asymmetric, like RSA or el gamal.

Yes if they have the key, yet only the people authroized will have the key, and in this sence the "key" is the decryption. Also note how I said client/server I didn't say SERVER/SERVER

. Which in this case what he could do is write a c++ script for client side which requires a password to login, and is on client side, and a server side where it just stores the cc#'s. Then the client side goes in & dl's server side to the client side(here is where rsa comes in during the download), and decrypts the c++ program decrypts on the client side.

dreamrae.com · #10 09-08-2002, 02:29 AM

ahhh, storing cc#'s in databases on WEBSERVERS is a bad idea....but if your gonna do it use blowfish

seg fault · #11 09-08-2002, 08:57 AM

plaintext and leave it on your webserver with the name order.log

Ahmad · #12 09-08-2002, 11:39 AM

Hi cperciva,

I feel for you man

Ahmad · #13 09-08-2002, 11:43 AM

Let me give you all some friendly advise:

If you don't understand anything about security, then ..
Do NOT use Blowfish

* If you DO understand anything about security then you don't need anybody to tell you not to use blowfish.