Credit Cards & Security

Forum Moderators: phranque

Message Too Old, No Replies

Credit Cards & Security

How securely store credit cards on a server?

moltar

5:52 am on Jun 30, 2003 (gmt 0)

What are the ways to store credit cards securely on a server?

Let's assume I use Apache, MySQL, Perl.

TIA

ewanfisher

11:19 am on Jun 30, 2003 (gmt 0)

The safest way to store credit cards on your server would be to... not store them at all.

Some of the major players in Online Shopping have stored credit card details of their members in the past. But this has become a high secuirty risk and a nice target for hackers, and crackers and no longer do this.

In my personal opinion I wouldn't use a web site if I knew that they were storing my credit card details on their site. Storing things like delivery address and billing address is fine though.

moltar

4:10 pm on Jun 30, 2003 (gmt 0)

I want to sell services online. So you think it is better not to store CC on the server, but instead ask user on montly basis to enter it over and over again (unless they pay annualy)?

TIA

Ally_Cat

4:15 pm on Jun 30, 2003 (gmt 0)

That's what I would do. With a nice little message informing them that it is for their own security, of course.

moltar

4:20 pm on Jun 30, 2003 (gmt 0)

Thank you ewanfisher and Ally_Cat. I guess I will do that then. BTW "security message" sound very good! :)

lorax

4:22 pm on Jun 30, 2003 (gmt 0)

I wouldn't necessarily ask them to enter it over and over again. I tell them that we store shipping and billing info but we don't store CC#s. That info is destroyed once the session ID has been terminated.

moltar

4:36 pm on Jun 30, 2003 (gmt 0)

2lorax: yeah, of course I would do that :)

lorax

4:42 pm on Jun 30, 2003 (gmt 0)

I know you would - tis better to vocalize it than to leave any doubt. ;)

ewanfisher

5:14 pm on Jun 30, 2003 (gmt 0)

I think all *decent* online shops should tell their customers exactly what happens with their details and how they are stored...

e.g.:

For security reasons we do not store ANY credit card information on the web. You first enter your credit card details on a secure page (explain what that means?). Your details are then encrypted by our server and sent in this encrypted format to our sales team who will decrypt and process your details. Once your order has been completed your CC details will be destroyed in a secure fashion.

Just my lil bit,
Ewan

moltar

5:18 pm on Jun 30, 2003 (gmt 0)

ewanfisher: yeah, I totally agree with you. That's definitely a big issue on the web. In most cases customers have no idea what is going on with their information.

ewanfisher

5:21 pm on Jun 30, 2003 (gmt 0)

... and this makes them feel unsafe when using their details. I work for an Internet related company and have for some time now. We deal with many aspects of the web that includes online e-commerce. But yet my father still does not trust using his CC on the WWW, no matter how much I try to reassure him.

Online fraud has become not that big a deal for the buyer nowadays. It's the seller that is at risk of loosing out. :(

moltar

5:49 pm on Jun 30, 2003 (gmt 0)

Same for my dad, he buys services online once in a while, but he is being very cautious. And he is one of those people that look for a little lock on the bottom of the browser :).

ewanfisher

6:12 pm on Jun 30, 2003 (gmt 0)

My dad is starting to use it now. But only on major sites and when I am there with him ;)

*wonders off to amazon*...