Storing credit card numbers temporarily (OT)by bradcathey (Prior)
|on Aug 13, 2005 at 21:42 UTC||Need Help??|
bradcathey has asked for the
wisdom of the Perl Monks concerning the following question:
Okay, before you implore me to Super Search, I'm aware of the many nodes on PM dealing with credit card security, encryption, SSL, etc. But a short comment by Zaxo here, that I just stumbled across, got me to wondering about something I am currently doing on an e-commerce site. Here's the scenario:
For the sake of argument, let's say temporary storage is safe. But what if the customer bugs out at the summary screen and never makes the purchase, thus never deleting the record? Yikes, I'm storing their CC# when told them I wouldn't.
If I don't store it in a database, where do I store it for the short time I need it? I could:
Any other ideas for how to temporary store that CC# from the time they submit it to the time they click the Purchase button? Thanks!
Update: In case it matters, I have a shared hosting account on Pair, and use their SSL certificate.
Update 2: So, after a day of watching the replies to my OP, I'm thinking I should encrypt the CC# and place it in a hidden field on my summary screen and either stick with the single key I have already *or* randomly generate a key for that session and store it in a cookie. Am I getting close?
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot