Welcome to WebmasterWorld Guest from 23.22.200.6

Forum Moderators: buckworks

Message Too Old, No Replies

CC processing with token

Need provider that returns a unique token per credit card

     
5:34 pm on Feb 27, 2012 (gmt 0)

New User

5+ Year Member

joined:Apr 29, 2010
posts:6
votes: 0


Background:
We have artificial limits (throttling) on our e-commerce website per user login, we need a way to prevent a person from simply creating a new account with us and continue spending with the same credit card. We are PCI compliant however we would strongly prefer a 3rd party hosted solution as we'd rather not hold any reversible CC information (in database or memory). Hence a returned unique cc token would suit.

We deal with USD currency only, and can create US bank accounts if necessary.

We were very close to finishing the application steps to RBS WorldPay when we realized their API did not return some type of unique identifier/token for the credit card used in the transaction. authorize.net supplies the last 4 digits of the card used but that isn't enough uniqueness for us to use.

Any other gateways / providers to investigate?
11:25 am on Feb 28, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Apr 30, 2007
posts:1394
votes: 0


It may not be a good solution even if a gateway was providing a token back to you in this context. Visitors could submit the same information using different case letters, whitespace in the various fields, may have a different start/end date for their cards than the previous time they tried to buy something etc.

So from what I understand you need to generate a non-reversible token from some of the fields the customer submits as billing/shipping info after doing some field refinement. And then use the token for identification.
4:56 pm on Feb 28, 2012 (gmt 0)

New User

5+ Year Member

joined:Apr 29, 2010
posts:6
votes: 0


I should have been more clear, I would like a token on the CC number only. This way there would be no confusion as to what it encompasses.
5:11 pm on Feb 28, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


How about creating a one-way encrypted hash of some sort and using that as your token? I presume you're doing a silent post, you'd create the hash at that point and store only the hash and being a one-way hash, can't be stolen. (reasonably, ANYTHING is possible.)

Next time an account cc comes in, if the hash matches, it's the same card.
8:24 pm on Feb 28, 2012 (gmt 0)

New User

5+ Year Member

joined:Apr 29, 2010
posts:6
votes: 0


We would certainly be able to create a one-way hash if we accepted the CC number on our end. However we would prefer a 3rd party hosted gateway to gather the CC data so that we won't have to go through the hassle of monthly PCI compliance.
5:58 pm on Mar 2, 2012 (gmt 0)

Full Member

10+ Year Member

joined:Sept 11, 2002
posts: 293
votes: 0


Have you looked at Gate2Shop?
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members