in reply to
Re: Encrypting Credit card numbers
in thread Encrypting Credit card numbers
I think a great company to have (albeit one that may not let you sleep much) would be one that held the card numbers for shmucks like myself that NEED them stored.
You could set up the client to encrypt with the public key, send the info to you, and store it properly. When the info is called for, you can decrypt with the private key and process the charge as well. In essence you could run a payment gateway, but you hold the cards in encryption for each of your clients.
To deal with the security on the client side, you simply let them design their own form with their own page design, but have it on your server inserting or posting as you please, secured how you want it.
With this the card numbers couldn't get stolen (from the web merchant). The hacker could try and duplicate how the transaction is posted to the company holding the decryption key. But they wouldn't get the numbers. They could only run transactions through the merchant's account.
Then guys like myself wouldn't even have access to my own client's card numbers, how great would that be! Not even me, as the CEO of a small web based business, could take a credit card number if I pleased.
Of course one downside with owning a company such as this: every hacker and his grandma would see you as the Mecca of all credit card databases.
I don't know, its 3 a.m., I'm not much of a programmer, I'm sure someone's thought of this before. If there's a company out there that does this LET ME KNOW, because I could use the service and wouldn't mind paying a percentage to ensure TOTAL and proper security of stored card numbers.