Re: Storing Credit Card Data
- Subject: Re: Storing Credit Card Data
- From: Chuck Hill <email@hidden>
- Date: Tue, 06 Jan 2004 18:04:18 -0800

Drew,

As a customer, I would *much* rather re-enter my card number at every
purchase than trust some unknown company / developer / hosting company to
store it securely. I'd very carefully weigh the convenience to your
customers against the comfort they would get knowing that you are not
storing their card number.

If you don't store the number then only an attack on the JVM can retrieve
it. Such an attack is not trivial.

If you store it in the database you can just take the approach that the
database is not accessible via the internet and you trust all the staff.
In which case, just store it as a string. If you don't trust the staff,
fire them. :-)

Or, you can take the approach that you don't trust some of the staff and
that the DB might be accessible via the internet. In which case you can
make it more difficult by encrypting it. However - you are also going to
need to decrypt it which means you need to keep the key around. So all of
the developers and anyone who can get access to the compiled app will be
able to figure out how to decrypt it and probably have access to the key too.

Nothing is 100% safe.

Chuck

At 07:24 PM 06/01/2004 -0500, Drew Thoeni wrote:
>This is likely off topic, so I apologize in advance. But, I think there
>is likely a "web objects" way of handling this and I'd like to hear the
>list's experience.
>
>I'm accepting credit cards on the site I'm writing and will be using
>Payflow Pro to authorize. I'll also be using HTTPS for the transaction
>(of course).
>
>I do *not* want to store the credit card data on an Internet accessible
>database, but, of course, want to store the card info to make it easier
>for the user to make a second purchase.
>
>Has anyone had experience with this?
>
>Drew
>_______________________________________________
>webobjects-dev mailing list | email@hidden
>Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
>Do not post admin requests to the list. They will be ignored.
>
--
Chuck Hill email@hidden
Global Village Consulting Inc. http://www.global-village.net
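
The encrypted-storage option discussed in the reply above, as an added example (not code from this thread or from any poster): the card number is encrypted with AES-GCM before it reaches the database, so the stored column alone is unreadable, while any process that holds the key can still recover the number. The class name `CardVault`, the randomly generated demo key and the test card number are assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class CardVault {                       // hypothetical class name
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key;

    // The key must come from somewhere other than the database it protects.
    CardVault(byte[] rawKey) { this.key = new SecretKeySpec(rawKey, "AES"); }

    // Returns base64(iv || ciphertext || tag): the value stored in the DB column.
    String encrypt(String cardNumber) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);      // fresh IV for every record
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(cardNumber.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    String decrypt(String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] appKey = new byte[32], otherKey = new byte[32];   // constructed demo keys
        new SecureRandom().nextBytes(appKey);
        new SecureRandom().nextBytes(otherKey);
        String column = new CardVault(appKey).encrypt("4111111111111111"); // test number
        System.out.println("Stored in DB:     " + column);
        // Whoever holds the key (the app, its developers, its host) gets the number back.
        System.out.println("Holder of key:    " + new CardVault(appKey).decrypt(column));
        try {                                   // database contents alone are not enough
            new CardVault(otherKey).decrypt(column);
        } catch (AEADBadTagException e) {
            System.out.println("Without the key:  decryption rejected");
        }
    }
}
```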