[Hidden-tech] Shopping cart security

Richard Resnick richardres at gmail.com
Thu Feb 21 09:53:37 EST 2008


Peter -

Sounds like a pretty strong approach. But every approach is crackable. (For
instance, a good hacker would figure out that you built the site and then
learn enough about you to find this post.)

Regardless, if you store credit card data in ANY WAY whatsoever, be sure you
have plenty of errors & omissions insurance. The E&O insurer will need your
entire technical plan to give you a quote. Your customer may end up paying
more for insurance than he/she would for simply getting a merchant account
for web transactions. In one of my previous companies we stored credit card
data and paid about $300 a month for the right insurance to cover us. In
general, my feeling is that it almost never makes sense to store credit card
data.

Good luck,
Richard

On Thu, Feb 21, 2008 at 7:10 AM, Peter Hutchins <peter at litmusdesigns.com>
wrote:

> I'd like to run a development concept past the security minded folks out
> there for some critical feedback:
> I'm setting up a shopping cart for a client who wants to process credit
> card purchases "offline", i.e.: run the transaction through their credit
> card terminal as though it were a phone order without a web-based payment
> gateway or merchant account. This obviously requires collecting and storing
> critical credit card data until the store owner processes the transaction,
> at which point the critical data can be deleted.
>
> Here's my proposed solution for securely handling the data:
> 1. CC info is gathered in an SSL-encrypted form
> 2. expiration data and ccv are written to a database and encrypted via
> MySQL's AES_ENCRYPT() (this DB is separate from the regular store DB
> providing separate password protection, in case the first DB is compromised)
> 3. credit card number is split into two parts, with one half being
> encrypted and written to the database with the transaction above
> 4. the other half of the credit card number is written to a file that is
> encrypted with GnuPG and emailed to the store owner (protecting it with a
> Private/Public key and passphrase).
> 5. when the store owner gets the email, he logs into the store admin,
> views the online credit card info, processes the order and deletes the
> online data from the database and the email from his inbox.
>
> - One issue I see is that the database login and encryption key for that
> half of the process must be stored on the server, rendering it vulnerable to
> compromise, but the other half of the CC info is still protected.
>
> So, my questions are:
> - Is this secure "enough"?
> - Is there a better way?
>
> Thanks!
> -Peter Hutchins
>
>
>  : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :
> Peter Hutchins
> Litmus Designs
> 505 S. Albany St.
> Ithaca, NY 14850
> 413.582.7038 voice
> 413.517.0596 fax
> www.litmusdesigns.com
>
> web design, custom programming & graphic design
> : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :
>
>
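
Step 4 and the issue Peter raises about the key stored on the server, as an added example that is not part of either post: openssl RSA-OAEP stands in here for the GnuPG key pair, and the function names, file names and sample digits are constructed for illustration. It shows that a value sealed with the owner's public key cannot be read with anything kept on the web server.

```shell
#!/bin/sh
# Added illustration; names and paths are hypothetical, not from the thread.
# openssl RSA-OAEP is used as a stand-in for the GnuPG key pair in step 4.

# Owner's machine: create the key pair. Only the public key is copied
# to the web server; the private key never leaves the owner.
make_owner_keys() {   # $1 = private key path, $2 = public key path
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# Web server: seal a short value using the public key alone.
seal() {              # $1 = public key, $2 = plaintext, $3 = output file
    printf '%s' "$2" |
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -out "$3"
}

# Owner's machine: open the sealed value with the private key.
unseal() {            # $1 = private key, $2 = sealed file
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2"
}

# What the server's own files allow: decryption attempted with the
# public key, the only key material stored there. Returns non-zero.
server_can_read() {   # $1 = public key, $2 = sealed file
    openssl pkeyutl -decrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_owner_keys "$dir/owner_priv.pem" "$dir/owner_pub.pem" || return 1
    # Constructed sample: first half of the common test number 4111 1111 1111 1111.
    seal "$dir/owner_pub.pem" "41111111" "$dir/half.enc" || return 1
    if server_can_read "$dir/owner_pub.pem" "$dir/half.enc"; then
        echo "server files can read the sealed half"
    else
        echo "server files cannot read the sealed half"
    fi
    echo "owner reads: $(unseal "$dir/owner_priv.pem" "$dir/half.enc")"
    rm -rf "$dir"
}

demo
```

The half encrypted with AES_ENCRYPT() does not have this property, because the server must hold the same key to encrypt it.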