[ic] User options

Bill Carr bill at worldwideimpact.com
Thu Apr 6 09:51:21 EDT 2006


On Apr 5, 2006, at 11:08 PM, Peter wrote:

> On 04/05/2006 07:18 PM, Bill Carr wrote:
>> Sorry I don't have an answer but I am glad you brought it up. I
>> think Interchange does not save the CC number for security reasons.
>
> Interchange *does* store the credit card number if you have set up  
> PGP encryption.  IC will store the encrypted form of the credit  
> card number which can only be decrypted with the corresponding  
> private key.
>
>> We have not been storing credit card numbers but would like to
>> be able to do the following:
>> 1. Allow the user's payment details to be remembered as you mention
>> above. This is becoming a standard for major e-commerce sites
>> (i.e. Amazon.com, Apple.com, etc.).
>
> It's a simple matter to resend the stored PGP encrypted credit card  
> data when a new purchase is made.
>
>> 2. Eliminate the need to send the PGP encrypted credit card
>> number via e-mail. This is a confusing part of the process for
>> the merchants we are doing sites for that I would like to
>> eliminate. We are currently directing our customers to set up the
>> encryption using Windows Privacy Tools. We would like to let the
>> merchant see the CC number on the order detail screen and/or give
>> them the ability to download a batch of orders for import into
>> their POS/Accounting system. This transfer would happen via https.
>
> This is a bad idea.  While https does involve an encrypted session  
> over the internet (so that the number won't be transmitted in plain  
> text) this is not the easiest way to get a credit card number.  In  
> fact, sniffing packets on a network to try to obtain a credit card  
> number is rarely used except in the most extreme cases.  Much more  
> common means are to (1) install a key logger spyware onto the  
> victim's computer or (2) to hack into the server storing the credit  
> card data and steal that data in bulk.  While you can't do much to  
> protect the customer's computer from spyware being installed (1)  
> what you are proposing will open your server(s) up to being able to  
> obtain the data by grabbing it from your server (as in 2).
>
> With the current PGP encoding of the credit card data an attacker  
> cannot get the data off the server unless they also have the  
> corresponding private key (hint: *don't* store the private key on  
> your Interchange server, only store the public key there).  They  
> can hack into your server and get everyone's credit card data, but  
> not be able to read it.  In order to be able to present the credit  
> card number via a browser session your IC server will need to  
> either store the credit card data unencrypted or you will need to  
> store the private key on the server so that it can unencrypt it in  
> real time.
>
> The above is very important because under state laws in California
> and many other states and under a proposed Federal law, if your
> customers' private data is compromised in an attack on your servers
> you are required by law to notify everyone who might have had their
> data compromised.  If the attacker only got encrypted data but
> cannot decrypt it then there's nothing that was compromised.  But
> if the attacker got the data unencrypted or had access to the
> private key to decrypt the data then you are in huge trouble
> because it is very bad for business to tell your customers that
> some bad guy got their credit card info from you.
>
>> 3. Manage recurring billing (i.e. Wine Clubs)
>
> That's a really tough one.  The best way to go is to store the data
> encrypted on one server, then allow that server access to another
> server which will have the necessary private key to unencrypt the
> data and push the transaction through the credit card processor
> (but does not store the data post transaction), then you can keep
> the encrypted data separate from the key required to unencrypt it.
> There are probably other ways to do this, that is just one way that
> comes to mind.
>
>> For years I've been telling
>> clients we never store credit card numbers.
>
> That is incorrect, a better statement would be that all credit card
> data is stored in an encrypted format so as to make it impossible
> for an attacker to gain access to this data even if he manages to
> gain the highest access privileges on your system.

Thank you for your response.

We have had requests from customers to view the credit card numbers  
on the admin/order detail screen. Is there a way to safely do this?

It has been a burden for us to walk our customers through setting up
their PGP keys. We have been using Windows Privacy Tools. Our
customers are mostly non-technical and often get confused by the
process. Almost all of them are on Windows. We are also limiting them
to using Outlook Express for e-mail because there is a WinPT plugin
for it. What are some easier ways to get non-technical, remote users
set up with PGP?

Bill
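As an added illustration of the split Peter describes above (only the public key on the Interchange host, the private key on a separate billing host), here is a shell script that is not from the thread or from Interchange itself; it models the two hosts as two GnuPG home directories and assumes gpg 2.1 or later is installed. The key user id, the card string and the directory names are constructed for the demo.

```shell
#!/bin/sh
# Added example: two GnuPG homedirs stand in for two hosts.
#   storefront = the Interchange server, which holds only the public key
#   billing    = the separate host that holds the private key and charges
set -e

demo_split_keys() {
  work=$(mktemp -d)
  store="$work/storefront"; bill="$work/billing"
  mkdir -p -m 700 "$store" "$bill"
  uid="billing-host-demo (constructed key) <billing@example.invalid>"

  # 1. The key pair is generated on the billing host only (unprotected
  #    key for the demo; a real one would have a passphrase).
  gpg --homedir "$bill" --batch --quiet --pinentry-mode loopback \
      --passphrase '' --quick-gen-key "$uid" default default never

  # 2. Only the public key is exported to the storefront keyring.
  gpg --homedir "$bill" --batch --quiet --export "$uid" \
    | gpg --homedir "$store" --batch --quiet --import

  # 3. The storefront encrypts the order's card data (constructed value)
  #    to the billing key and keeps only the ciphertext.
  printf 'CARD=4111111111111111 EXP=01/09\n' \
    | gpg --homedir "$store" --batch --quiet --trust-model always \
          --recipient "$uid" --encrypt > "$store/order.gpg"

  # 4. The storefront cannot read its own stored order: no secret key.
  #    If this ever succeeds, the private key has leaked onto the store.
  if gpg --homedir "$store" --batch --quiet \
         --decrypt "$store/order.gpg" >/dev/null 2>&1; then
    echo "storefront decrypted its store: private key is on the wrong host" >&2
    return 1
  fi

  # 5. The billing host decrypts the record to run the charge.
  gpg --homedir "$bill" --batch --quiet --pinentry-mode loopback \
      --passphrase '' --decrypt "$store/order.gpg" 2>/dev/null

  gpgconf --homedir "$store" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$bill" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
}
```

The function prints the decrypted record only from the billing homedir; the same check in step 4, run against a production Interchange keyring, is a quick way to confirm no secret key has been imported there.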
