On Apr 5, 2006, at 11:08 PM, Peter wrote:
> On 04/05/2006 07:18 PM, Bill Carr wrote:
>
> > Sorry I don't have an answer but I am glad you brought it up. I think Interchange does not save the CC number for security reasons.
>
> Interchange *does* store the credit card number if you have set up PGP encryption. IC will store the encrypted form of the credit card number which can only be decrypted with the corresponding private key.
>
> > We have not been storing credit card numbers but would like to be able to do the following:
> >
> > 1. Allow the user's payment details to be remembered as you mention above. This is becoming a standard for major e-commerce sites (i.e. Amazon.com, Apple.com, etc.).
>
> It's a simple matter to resend the stored PGP encrypted credit card data when a new purchase is made.
>
> > 2. Eliminate the need to send the PGP encrypted credit card number via e-mail. This is a confusing part of the process for the merchants we are doing sites for that I would like to eliminate. We are currently directing our customers to set up the encryption using Windows Privacy Tools. We would like to let the merchant see the CC number on the order detail screen and/or give them the ability to download a batch of orders for import into their POS/Accounting system. This transfer would happen via https.
>
> This is a bad idea. While https does involve an encrypted session over the internet (so that the number won't be transmitted in plain text) this is not the easiest way to get a credit card number. In fact, sniffing packets on a network to try to obtain a credit card number is rarely used except in the most extreme cases. Much more common means are to (1) install a key logger spyware onto the victim's computer or (2) to hack into the server storing the credit card data and steal that data in bulk.
>
> While you can't do much to protect the customer's computer from spyware being installed (1) what you are proposing will open your server(s) up to being able to obtain the data by grabbing it from your server (as in 2).
>
> With the current PGP encoding of the credit card data an attacker cannot get the data off the server unless they also have the corresponding private key (hint: *don't* store the private key on your Interchange server, only store the public key there). They can hack into your server and get everyone's credit card data, but not be able to read it. In order to be able to present the credit card number via a browser session your IC server will need to either store the credit card data unencrypted or you will need to store the private key on the server so that it can unencrypt it in real time.
>
> The above is very important because under state laws in California and many other states and under a proposed Federal law, if your customers' private data is compromised in an attack on your servers you are required by law to notify everyone who might have had their data compromised. If the attacker only got encrypted data but cannot decrypt it then there's nothing that was compromised, but if the attacker got the data unencrypted or had access to the private key to decrypt the data then you are in huge trouble because it is very bad for business to tell your customers that some bad guy got their credit card info from you.
>
> > 3. Manage recurring billing (i.e. Wine Clubs)
>
> That's a really tough one. The best way to go is to store the data encrypted on one server, then allow that server access to another server which will have the necessary private key to unencrypt the data and push the transaction through the credit card processor (but does not store the data post transaction), then you can keep the encrypted data separate from the key required to unencrypt it.
>
> There are probably other ways to do this, that is just one way that comes to mind.
>
> > For years I've been telling clients we never store credit card numbers.
>
> That is incorrect; a better statement would be that all credit card data is stored in an encrypted format so as to make it impossible for an attacker to gain access to this data even if he manages to gain the highest access privileges on your system.

Thank you for your response.

We have had requests from customers to view the credit card numbers on the admin/order detail screen. Is there a way to safely do this?

It has been a burden for us to walk our customers through setting up their PGP keys. We have been using Windows Privacy Tools. Our customers are mostly non-technical and often get confused by the process. Almost all of them are on Windows. We are also limiting them to using Outlook Express for e-mail because there is a WinPT plugin for it. What are some easier ways to get non-technical, remote users set up with PGP?

Bill
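
The key separation described in the quoted reply (public key on the store server, private key kept elsewhere), as an added example that is not part of the original thread and not Interchange's own code. It assumes GnuPG 2.1 or later is installed as `gpg`; the two keyrings, the key identity and the card number are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Key separation for stored card data, using throwaway keys and constructed data.
# Assumes GnuPG 2.1 or later is installed as `gpg`.
WORK=$(mktemp -d)
OFFLINE="$WORK/offline"   # stands in for the merchant's machine (private key lives here)
SERVER="$WORK/server"     # stands in for the store server (public key only)
mkdir -m 700 "$OFFLINE" "$SERVER"
KEY_UID="Order desk (demo) <orders@example.invalid>"   # hypothetical identity
KEY_EMAIL="orders@example.invalid"
CARD="4111111111111111"   # standard test number, not a real card

# Run gpg against one of the two demo keyrings, never the user's default one.
g() { local home=$1; shift; gpg --homedir "$home" --batch --quiet --no-tty "$@"; }

setup_keys() {
  # The key pair is generated off the server (no passphrase, for this demo only).
  g "$OFFLINE" --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$KEY_UID" default default never 2>/dev/null || return 1
  # Only the public half is exported and installed on the server.
  g "$OFFLINE" --export "$KEY_EMAIL" | g "$SERVER" --import 2>/dev/null
}

store_card() {   # server side, at checkout: encrypt to the public key
  printf '%s' "$CARD" | g "$SERVER" --yes --trust-model always --armor \
    --recipient "$KEY_EMAIL" --output "$WORK/card.asc" --encrypt
}

server_can_decrypt() {   # what full control of the server would allow
  g "$SERVER" --decrypt "$WORK/card.asc" >/dev/null 2>&1
}

offline_decrypt() {   # merchant side, where the private key is held
  g "$OFFLINE" --decrypt "$WORK/card.asc" 2>/dev/null
}

cleanup() {
  gpgconf --homedir "$OFFLINE" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$SERVER" --kill gpg-agent 2>/dev/null || true
  rm -rf "$WORK"
}

demo() {
  setup_keys && store_card || return 1
  if server_can_decrypt; then echo "server: decrypted (private key is present)"
  else echo "server: cannot decrypt, holds ciphertext only"; fi
  echo "offline: $(offline_decrypt)"
}
```

Source the file and call `demo` to see both outcomes, then `cleanup` to stop the demo agents and delete the throwaway keyrings.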