in reply to (dws)Re: Encrypting Credit card numbers
in thread Encrypting Credit card numbers

Hmm... this is an intresting solution if the credit card number never gets passed back to the webserver or the intermediate server.

Inital Process:

  1. CC number gets sent to DB server and gets returned a "key" to reference it for storage in the noncritical database.
  2. Uses said reference "key" to request that the card be processed.
  3. Intermediate server sends request to CC storage server who then processes the card and sends the request code to intermediate server who sends to webserver.

Rebill Process:

  1. Billing software sends "key" to intermediate server with a price to be billed.
  2. intermediate server relays request to database server who then processes card and sends response code back
  3. Intermediate server returns status code to webserver

I dont see any real problems in this process. Credit cards go in but they dont come out.

Intresting solution.

Pete

insert into pete values('red hair','near green eyes','overinflated ego');

  • Comment on Re: (dws)Re: Encrypting Credit card numbers