homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

CC processing with token
Need provider that returns a unique token per credit card

Msg#: 4422329 posted 5:34 pm on Feb 27, 2012 (gmt 0)

We have artificial limits (throttling) on our e-commerce website per user login, we need a way to prevent a person from simply creating a new account with us and continue spending with the same credit card. We are PCI compliant however we would strongly prefer a 3rd party hosted solution as we'd rather not hold any reversible CC information (in database or memory). Hence a returned unique cc token would suit.

We deal with USD currency only, and can create US bank accounts if necessary.

We were very close to finishing the application steps to RBS WorldPay when we realized their API did not return some type of unique identifier/token for the credit card used in the transaction. authorize.net supplies the last 4 digits of the card used but that isn't enough uniqueness for us to use.

Any other gateways / providers to investigate?



WebmasterWorld Senior Member 5+ Year Member

Msg#: 4422329 posted 11:25 am on Feb 28, 2012 (gmt 0)

It may not be a good solution even if a gateway was providing a token back to you in this context. Visitors could submit the same information using different case letters, whitespace in the various fields, may have a different start/end date for their cards than the previous time they tried to buy something etc.

So from what I understand you need to generate a non-reversible token from some of the fields the customer submits as billing/shipping info after doing some field refinement. And then use the token for identification.


Msg#: 4422329 posted 4:56 pm on Feb 28, 2012 (gmt 0)

I should have been more clear, I would like a token on the CC number only. This way there would be no confusion as to what it encompasses.


WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 4422329 posted 5:11 pm on Feb 28, 2012 (gmt 0)

How about creating a one-way encrypted hash of some sort and using that as your token? I presume you're doing a silent post, you'd create the hash at that point and store only the hash and being a one-way hash, can't be stolen. (reasonably, ANYTHING is possible.)

Next time an account cc comes in, if the hash matches, it's the same card.


Msg#: 4422329 posted 8:24 pm on Feb 28, 2012 (gmt 0)

We would certainly be able to create a one-way hash if we accepted the CC number on our end. However we would prefer a 3rd party hosted gateway to gather the CC data so that we won't have to go through the hassle of monthly PCI compliance.


10+ Year Member

Msg#: 4422329 posted 5:58 pm on Mar 2, 2012 (gmt 0)

Have you looked at Gate2Shop?

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved