Thanks everyone for the feedback on security. The legal/compliance tips were particularly useful as was the point of not storing the CCV (I checked with the store owner and indeed, we don't need that data at all).

thanks,
-pH

On Feb 21, 2008, at 11:09 AM, Charles Uchu Strader wrote:

> Peter,
>
> This scheme does address a lot of potential security issues. Make
> sure you aren't using a more vulnerable to virus email app like the
> Express version of Outlook. Deleting used data immediately is key,
> even though it is encrypted in the different states it exists in.
>
> Also, you may want to review possible impacts related to your
> merchant agreement. Some merchant providers have contract
> restrictions related to what method the credit card information is
> collected, so if you don't have a contract that says you can collect
> the information online then decide if this is an important
> consideration or not.
>
> Charles Uchu Strader
> charles at gaiahost.coop 1-800-672-8060 x803
> -----------------------------------------------------
> GAIA Host Collective, LLC http://www.gaiahost.coop
> -----------------------------------------------------
> "Internet hosting from an environmentally and
> socially concerned worker-owned cooperative"
> -----------------------------------------------------
>
>
> Peter Hutchins wrote:
>>
>> ------------------------------------------------------------------------
>>
>> I'd like to run a development concept past the security minded
>> folks out there for some critical feedback:
>>
>> I'm setting up a shopping cart for a client who wants to process
>> credit card purchases "offline", i.e.: run the transaction through
>> their credit card terminal as though it were a phone order without
>> a web-based payment gateway or merchant account. This obviously
>> requires collecting and storing critical credit card data until the
>> store owner processes the transaction, at which point the critical
>> data can be deleted.
>>
>> Here's my proposed solution for securely handling the data:
>> 1. CC info is gathered in a SSL encrypted form
>> 2. expiration data and ccv are written to a database and encrypted
>> via mysql's AES_ENCRYPT() (this DB is separate from the regular
>> store DB providing separate password protection, in case the first
>> DB is compromised)
>> 3. credit card number is split into two parts, with one half being
>> encrypted and written to the database with the transaction above
>> 4. the other half of the credit card number is written to a file
>> that is encrypted with GnuPG and emailed to the store owner
>> (protecting it with a Private/Public key and passphrase).
>> 5. when the store owner gets the email, he logs into the store
>> admin, views the online credit card info, processes the order and
>> deletes the online data from the database and the email from his
>> inbox.
>>
>> - One issue I see is that the database login and encryption key for
>> that half of the process must be stored on the server, rendering it
>> vulnerable to compromise, but the other half of the CC info is
>> still protected.
>>
>> So, my questions are:
>> - Is this secure "enough"?
>> - Is there a better way?
>>
>> Thanks!
>> -Peter Hutchins
>>
>>
>> : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :
>> Peter Hutchins
>> Litmus Designs
>> 505 S. Albany St.
>> Ithaca, NY 14850
>> 413.582.7038 voice
>> 413.517.0596 fax
>> www.litmusdesigns.com <http://www.litmusdesigns.com>
>>
>> web design, custom programming & graphic design
>> : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
>> Hidden-discuss at lists.hidden-tech.net
>>
>> You are receiving this because you are on the Hidden-Tech
>> Discussion list.
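
The database half of the scheme in the original post (steps 2, 3 and 5), with the thread's feedback applied (no CCV stored, data deleted once used), as an added example that is not part of the thread. It assumes MySQL 5.7 or later; the table, column, event, key and order values are constructed for illustration.

```sql
-- Added example; table, column, key and order values are constructed.
-- AES_ENCRYPT() defaults to aes-128-ecb; pick a mode that takes an IV.
SET SESSION block_encryption_mode = 'aes-256-cbc';

-- Separate database from the store, as in step 2. There is no CCV column.
CREATE TABLE pending_card (
  order_id   INT UNSIGNED  NOT NULL PRIMARY KEY,
  iv         BINARY(16)    NOT NULL,           -- fresh per row
  card_enc   VARBINARY(64) NOT NULL,           -- half of card number + expiry
  created_at TIMESTAMP     NOT NULL DEFAULT CURRENT_TIMESTAMP
);

-- 32-byte key for aes-256. In practice the application supplies it over a
-- TLS connection; statements carrying the key or plaintext also appear in
-- any query logs that record them, so those logs need the same protection
-- as the data itself.
SET @card_key = UNHEX(SHA2('constructed demo passphrase', 256));

-- Steps 2-3: store one half of the number (test number 4111111111111111)
-- together with the expiry under a fresh random IV.
SET @iv = RANDOM_BYTES(16);
INSERT INTO pending_card (order_id, iv, card_enc)
VALUES (1001, @iv,
        AES_ENCRYPT(CONCAT_WS('|', '41111111', '12/09'), @card_key, @iv));

-- Step 5: the admin page decrypts the row for the owner...
SELECT order_id,
       CAST(AES_DECRYPT(card_enc, @card_key, iv) AS CHAR) AS half_and_expiry
  FROM pending_card
 WHERE order_id = 1001;

-- ...and deletes it as soon as the terminal transaction is done.
DELETE FROM pending_card WHERE order_id = 1001;

-- Backstop for orders never processed (7 days is an assumed retention
-- limit; needs event_scheduler=ON).
CREATE EVENT purge_stale_cards
  ON SCHEDULE EVERY 1 HOUR
  DO DELETE FROM pending_card WHERE created_at < NOW() - INTERVAL 7 DAY;
```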