[ic] Credit Card Authorisation/Processing

Dan Browning interchange-users@interchange.redhat.com
Tue Sep 18 20:50:00 2001


At 09:35 AM 9/19/2001 +1000, you wrote:

>What other options are there with the credit card besides automated payment
>services and an e-mail sent to a local user. Is it possible to get
>Interchange to store the credit card number in the customer profile so that
>it can be remembered/kept on file, and is it possible to display the credit
>card number in the order process section of the administration interface, or
>even in a report that would be printed off with a list of 'waiting for
>credit check' orders and the corresponding credit card # and items ordered.
>Any documents that have a section focused on credit card handling routines
>etc?
>
>Thanks,
>Ross Cousens
>
>P.S. I realise this is a "security risk", but we have a few other methods we
>plan to implement to keep the credit card info secured.

Yes, it is possible.  In fact, I'll present a different point of view here 
in that I think it can even be done in a *secure* (although inconvenient) 
way.  I think Russ Mann went down that road a while back in a thread "CC 
Info in UserDB".

The problem that many sites have with storing CC numbers is this:

* Store encrypted credit card numbers on server (not plaintext, which is 
brain-damaged)
* In order to use payment gateway, you have to have private key file on 
server to decrypt
* A hacker comes in and steals your encrypted cc numbers: that's bad enough 
(brute force, etc.)
* A hacker comes in and steals your encrypted cc numbers AND your private 
key file: now they only have to crack your private-key passphrase or your 
ssh-agent

Therefore, the only secure solution is to do off-line cc processing.  That 
is where the encrypted cc number is e-mailed *once* to your secure location 
which can handle the decryption, and only identifying information is used 
on the server again (first 2 / last 4 digits of cc number) for customers to 
select their card, and for the secure location to know which card to use 
when processing.

So when you do off-line processing I think it's a great thing from a 
marketing standpoint.  Any dissenters out there?  I'm wondering right now 
if I already missed some loopholes through that method as well, anyone see 
some?  Of course, how one handles a "secure location" to receive e-mails is 
a whole 'nuther can of worms.

I would love to do it for my clients, so I'm interested in how it goes for 
you and your finished source code -- even if you end up storing the 
encrypted cc numbers and private key on your server.  I'm not sure if Russ 
Mann ever got everything working like he wanted or not, but maybe he will 
weigh in.

Oh, and, make sure you put on your asbestos suit for asking that question.  :-)

HTH, HAND,

Dan Browning <danpb@mail.com>
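
The off-line flow described in this message, as an added example (not code from the original post or from Interchange): the web server encrypts the number to the secure location's public key, mails it once, and keeps only the first 2 / last 4 digits. The use of gpg, the function names and the record layout are assumptions made for the illustration.

```python
import subprocess
from email.message import EmailMessage

def luhn_ok(pan: str) -> bool:
    """Luhn checksum, to reject mistyped numbers before anything is mailed."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def card_hint(pan: str) -> str:
    """The only card data kept on the web server: first 2 and last 4 digits."""
    return pan[:2] + "*" * (len(pan) - 6) + pan[-4:]

def gpg_encrypt(plaintext: str, recipient: str) -> str:
    """Encrypt to the off-line location's PUBLIC key (assumed to be imported
    and trusted in the local keyring). No private key exists on this host.
    The number is passed on stdin, never on the command line or in a file."""
    result = subprocess.run(
        ["gpg", "--batch", "--armor", "--encrypt", "--recipient", recipient],
        input=plaintext.encode(), capture_output=True, check=True)
    return result.stdout.decode()

def hand_off(order_id, raw_pan, recipient, mail_to, encrypt=gpg_encrypt):
    """Return (server_record, email). Only the email carries the full number,
    and only as ciphertext; the record is what the server keeps on file."""
    pan = raw_pan.replace(" ", "").replace("-", "")
    if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19):
        raise ValueError("card number must be 13-19 digits")
    if not luhn_ok(pan):
        raise ValueError("card number fails Luhn check")
    hint = card_hint(pan)
    msg = EmailMessage()
    msg["To"] = mail_to
    # The hint lets the secure location match the mail to the stored order.
    msg["Subject"] = f"Order {order_id} card {hint}"
    msg.set_content(encrypt(f"order={order_id}\npan={pan}\n", recipient))
    record = {"order_id": order_id, "card_hint": hint}
    return record, msg
```

The caller sends `msg` through its normal mail path and stores only `record`; the plaintext number should not be logged or written to the session.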