'Hacker Safe' Site Hacked!


lammert - 9:57 am on Jan 8, 2008 (gmt 0)


No site is hacker proof. According to the website, the "Hacker Safe" logo prevents 99% of hacker crime in English, French and Japanese and 99.9% of hacker crime in Chinese, Dutch and Portuguese.

According to these figures, translating their site to Chinese might have prevented this attack as that language gives 10 times more protection ;)

What this example shows us is that storing really sensitive information on a web server can cause serious problems. One thing that comes to my mind is to use encryption to store sensitive information. There are encryption schemes with public and private keys which make it possible to encrypt information with one key and decrypt it with another.

If the payment processing of the credit cards is done via another, more secure computer system, the website could just encrypt the information and store that encrypted version in the on-line database. A readable text field could be added to the database which contains a verification version of the credit card number, for example "****-****-****-1234". All the hacker will find are the encrypted credit card numbers and the useless **** versions.

When a payment is processed, the encrypted credit card number is sent to the payment processing computer (ultimately this is the computer system of the credit card company, but it could also be an offline computer at the merchant's office) and the second key is used to decrypt the number and process the payment.

With such a scheme you do not prevent a hacker from entering the system, but you make his visit rather worthless. It would need another logo though. Something like "This site is hacker transparent".
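The scheme described in the post above, sketched as an added example that is not part of the original post: the web server holds only the public key and stores the masked number plus ciphertext, while the private key stays on the payment system. It assumes RSA-OAEP with a 2048-bit key; `StoredCard`, `NewPaymentKey`, `SealCard` and `OpenCard` are hypothetical names, and the card number is a constructed test value.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// StoredCard is the row kept in the online database (hypothetical schema).
type StoredCard struct {
	Masked     string // "****-****-****-1234", readable verification field
	Ciphertext []byte // RSA-OAEP ciphertext of the full number
}

// NewPaymentKey is run once on the payment system; only the public half is
// copied to the web server.
func NewPaymentKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealCard runs on the web server, which never sees the private key.
func SealCard(pub *rsa.PublicKey, pan string) (StoredCard, error) {
	digits := strings.NewReplacer("-", "", " ", "").Replace(pan)
	if len(digits) < 13 || len(digits) > 19 || strings.Trim(digits, "0123456789") != "" {
		return StoredCard{}, errors.New("not a card number")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(digits), nil)
	if err != nil {
		return StoredCard{}, err
	}
	return StoredCard{Masked: "****-****-****-" + digits[len(digits)-4:], Ciphertext: ct}, nil
}

// OpenCard runs only on the payment processing system.
func OpenCard(priv *rsa.PrivateKey, c StoredCard) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c.Ciphertext, nil)
	return string(pt), err
}

func main() {
	priv, err := NewPaymentKey()
	if err != nil {
		panic(err)
	}
	rec, err := SealCard(&priv.PublicKey, "4111-1111-1111-1234") // constructed test number
	fmt.Println(rec.Masked, len(rec.Ciphertext), err)
	fmt.Println(OpenCard(priv, rec))
}
```

Someone who copies the database gets only `Masked` and `Ciphertext`; decryption fails without the private key held on the payment system.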


Thread source: http://www.webmasterworld.com/webmaster/3542938.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com