Re: after SSL
by Paul Evad <pevad(at)kudosnet.com>
|
| Date: |
Wed, 5 Jan 2000 01:28:13 -0800 |
| To: |
"Keith Kaste" <kkaste(at)hotbot.com>,
hwg-business(at)hwg.org |
| References: |
hotbot |
| |
todo: View
Thread,
Original
|
|
At 8:26 PM -0800 1/4/00, Keith Kaste wrote:
>the sensitive information is received? Say for example a credit card number is stored in a data base on the server. Is that credit card number in danger of being stolen from the server? How is sensitive information protected once it gets to the server?
I recommend NOT storing the credit card information for you clients. Why risk it?
If you are using real-time transaction processing, like cybercash, there is no need to store the card number. Just the order - id and other relative information.
We typically wipe out the middle 9-11 digits of a card for display on receipts etc... 4xxxxxxxxxxx2111
If you really MUST store card information on a server, do it PGP encrypted at the least.
- paul
--------------------- Kudosnet Technologies Inc. ---------------------
pevad(at)kudosnet.com www.kudosnet.com
Domains can now be up to 63 characters long!
http://kudosnet.com/domain/
---------------------------- 1-877-885-8367 --------------------------
HTML: hwg-business mailing list archives,
maintained by Webmasters @ IWA