[kwlug-disc] [OT] voip fax/email to fax/ ccards

Bob Jonkman bjonkman at sobac.com
Mon Mar 22 12:52:21 EDT 2010


On 2010-03-22 09:36, John Van Ostrand wrote:
> How about use GPG to encrypt a message that holds the card number and email it to you. The email address could be one that automatically receives the email, decrypts it and stores it in a safe off-line database.

Why decrypt the number before storing it in the database?  Wouldn't 
storing the encrypted number protect against things like stolen 
databases, or lost backups of databases?  Any application with 
legitimate need to access the credit card number should be a holder of 
the decryption key.

In most cases where the transaction is processed immediately, why store 
the number at all?  For the customer's own protection, require them to 
enter a credit card number for every session.  Your application needs it 
just long enough to extract their money, then the credit card number is 
no longer needed.  Doesn't work for Glenn's offline issue, tho.

--Bob, who is getting way off topic on this OT discussion...




More information about the kwlug-disc mailing list