inveni0 - 1:24 pm on May 2, 2013 (GMT 0)
The credit card numbers have to be recalled for later entry into a separate credit card processing terminal. The system will also be designed to process the numbers through an online gateway, but the bulk of the clients using this administrative software will not be set up to handle payments in that manner (as they will prefer to process the credit cards at a date TBD). So storage is, unfortunately, necessary.
I hadn't thought of using a compiled script to encrypt/decrypt the information, though. I'll be looking into that immediately, as it will further secure the encryption algorithms being used. The only issue I see with it, however, is that once a hacker knows what to pass to the script and how to read the return, there is no stopping them from accessing it. It's just the nature of the beast, I'm afraid. Even a bank can lock up all of its money in a timed vault, but that won't stop a determined criminal from getting the money.
Again, this is not the fix-all for security. It's just a wrench in the hacker's plan.
I'm looking now for some certified ethical hackers, as that seems to be my best bet for seeing how difficult it is to reverse engineer the card encryption. My goal is to make reverse engineering the card numbers harder than hacking the server.