[kwlug-disc] [OT] voip fax/email to fax/ ccards
Bob Jonkman
bjonkman at sobac.com
Mon Mar 22 12:52:21 EDT 2010
On 2010-03-22 09:36, John Van Ostrand wrote:
> How about using GPG to encrypt a message that holds the card number and email it to you. The email address could be one that automatically receives the email, decrypts it and stores it in a safe off-line database.

Why decrypt the number before storing it in the database? Wouldn't
storing the encrypted number protect against things like stolen
databases, or lost backups of databases? Any application with
legitimate need to access the credit card number should be a holder of
the decryption key.

In most cases where the transaction is processed immediately, why store
the number at all? For the customer's own protection, require them to
enter a credit card number for every session. Your application needs it
just long enough to extract their money, then the credit card number is
no longer needed. Doesn't work for Glenn's offline issue, tho.

--Bob, who is getting way off topic on this OT discussion...
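
The storage pattern suggested in the message above, as an added example that is not part of the original post: the database holds only ciphertext, and only the holder of the private key can read a number back. It uses Go's standard-library RSA-OAEP in place of GPG; the function names, customer ID and card number are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair makes the key pair; the private half stays with the billing application.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealCard runs on the intake side, which holds only the public key.
// The customer ID is the OAEP label, binding the ciphertext to one record.
func SealCard(pub *rsa.PublicKey, customer, pan string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(pan), []byte(customer))
}

// OpenCard runs only where the private key lives.
func OpenCard(priv *rsa.PrivateKey, customer string, ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(customer))
	return string(pt), err
}

func main() {
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	const pan = "4111111111111111" // constructed test number, not a real card
	db := map[string][]byte{}      // stands in for the database: ciphertext only
	if db["cust-42"], err = SealCard(&priv.PublicKey, "cust-42", pan); err != nil {
		panic(err)
	}
	got, err := OpenCard(priv, "cust-42", db["cust-42"])
	fmt.Println("key holder reads:", got, err)

	other, _ := NewKeyPair() // a copy of the database without the matching key
	_, err = OpenCard(other, "cust-42", db["cust-42"])
	fmt.Println("database copy, no key:", err)
}
```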