WebmasterWorld Ecommerce Forum

    
credit card security question
Should a site display last 4 digits and expiration date on a non-SSL page?
zollerwagner




msg:628843
 5:52 pm on May 10, 2005 (gmt 0)

I learned recently that a charity's web site is displaying the last four digits of my credit card and its expiration date on a non-SSL page. (Yes, I did give them my credit card number earlier!)

The page is hosted by a third party (Get Active or ga0). There is one GET (not POST) variable attached to the URL with about 50 characters, so it would probably be hard to guess someone's variable.

If I want to change my credit card info, the site takes me to an SSL page.

My question: Is this insecure? Or am I being paranoid?

 

harleyx




msg:628844
 1:47 am on May 11, 2005 (gmt 0)

I'm about 95% sure the last 4 numbers of a card are used to identify which credit card company it is (i.e., they're the same on every Discover card, or every MasterCard).

upside




msg:628845
 6:02 am on May 11, 2005 (gmt 0)

The first 6 digits of a credit card identify the issuing bank.

Displaying the last 4 digits of a card number shouldn't be a problem because credit card companies permit the last 4 digits of a card number to be transmitted in email and printed on customer receipts. However, the card expiration date is confidential and by storing or displaying it they are violating the card processing agreements and opening themselves up for fines.

zollerwagner




msg:628846
 7:10 am on May 11, 2005 (gmt 0)

Thanks for the replies! That helps. I'll see if I can get the charity or ga0 to do something about this.
