RE: Credit Card Number Encryption
RE: Credit Card Number Encryption
- Subject: RE: Credit Card Number Encryption
- From: "Albert Jagnow" <email@hidden>
- Date: Fri, 23 Apr 2004 17:08:57 -0500
- Priority: normal
- Thread-topic: Credit Card Number Encryption
I don't know if you are forced to use the perl solution, but if not you
should look at something like Verisign Payflow Pro
http://www.verisign.com/products/payflow/pro/index.html for doing the
credit card processing. They have a native java library. You can do
the credit card transactions in XML. Very simple to integrate and use
with webobjects. Also they have a recurring billing feature. I have
never looked at the details of the recurring billing, but basically they
store the information on their server so you don't have to worry about
the credit card security issue.
--Albert
-----Original Message-----
From: Gerald Hanks [mailto:email@hidden]
Sent: Friday, April 23, 2004 3:52 PM
To: Chuck Hill
Cc: email@hidden
Subject: Re: Credit Card Number Encryption
Not storing the cc data certainly would be a nice thing but
unfortunately the product being paid for is a reoccurring service. I
don't want to require the customer to return each month to put in their
cc info again. One additional twist to add to the mix. The card
processing is actually done using some perl libraries that have come
from the credit card processing company. So ideally I am looking for
something that I can use to encrypt in Java and decrypt in perl.
--gerald
On Apr 23, 2004, at 2:02 PM, Chuck Hill wrote:
> The java.crypto libraries have a fair bit in them. Search for JCE in
> Google. The hands down most secure way is to not store them or store
> only the first few digits. The customer needs to re-enter them at
> each purchase. A minor nuisance but the customer is guaranteed that
> nobody can hack into your system and get their CC information. I've
> seen a few sites that do this for security.
>
> Chuck
>
> On Apr 23, 2004, at 12:27 PM, Gerald Hanks wrote:
>
>> Could someone please tell me what the standard would be for
>> encrypting sensitive data such as credit card numbers in WebObjects?
>> Are there libraries/routines that are used both within the United
>> States as well as outside the US or is there a standard that is used
>> for both?
>>
>> -gerald
>> _______________________________________________
>> webobjects-dev mailing list | email@hidden
>> Help/Unsubscribe/Archives:
>> http://www.lists.apple.com/mailman/listinfo/webobjects-dev
>> Do not post admin requests to the list. They will be ignored.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
This e-mail (including any attachments) is covered by the Electronic
Communications Privacy Act, 18 USC. 2510-2521. It is confidential and
may be legally privileged. If you are not the intended recipient, you
are hereby notified that any retention, dissemination, distribution, or
copying of this communication is strictly prohibited. Please reply to
the sender that you have received the message in error, and then delete
it. Thank you.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.