How should I store credit cards for offline processing

Noah

Dec 1, 2006, 10:37:45 AM
to Django users
I'm working on a site who's not ready to do online processing with a
gateway but they want to launch anyways. They would like a secure way
to store the credit cards in the database. Does anyone have a good
solution for this?

I was thinking but I'd rather not have to write all the code to
implement a pub/priv key pair system where the private key is encrypted
so the admin has to login and enter the password for the view to
decrypt the key to decrypt the credit cards.

comments, ideas?

Joshua "jag" Ginsberg

Dec 1, 2006, 11:01:19 AM
to django...@googlegroups.com
Don't implement a pub/priv key pair system -- just use GnuPG. And I
would strongly recommend against having the decryption of this data
anywhere near the same machine as the one that stores the encrypted
cc#'s.

For your online processing, I recommend using TrustCommerce and store
the credit card information in their "Citadel" product -- that way you
don't have to store the credit card numbers ever, at all, period, for
any reason, whatsoever.

-jag
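
The arrangement suggested in the post above (GnuPG, with decryption kept off the machine that stores the ciphertext), as an added example that is not part of the original thread: two throwaway keyrings stand in for the web host and the offline billing machine. The key identity, directory layout, empty passphrase and card number are constructed assumptions.

```shell
#!/bin/sh
# Added example. Key identity, directories and card number are constructed.
set -eu
KEY_ID="billing@example.invalid"   # hypothetical recipient identity

# OFFLINE machine: create the key pair and export only the public half.
# The empty passphrase keeps the demo non-interactive; a real key gets one.
make_offline_key() {   # $1 = offline GNUPGHOME, $2 = public key output file
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$KEY_ID" default default never
  gpg --homedir "$1" --batch --armor --export "$KEY_ID" > "$2"
}

# WEB host: the keyring receives the public key and nothing else.
setup_web_keyring() {  # $1 = web GNUPGHOME, $2 = public key file
  gpg --homedir "$1" --batch --quiet --import "$2"
}

# WEB host: card number on stdin, ASCII-armored ciphertext on stdout.
encrypt_card() {       # $1 = web GNUPGHOME
  gpg --homedir "$1" --batch --quiet --trust-model always \
      --armor --encrypt --recipient "$KEY_ID"
}

# Succeeds only where the private key lives (the offline machine).
decrypt_card() {       # $1 = GNUPGHOME, ciphertext on stdin
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --decrypt 2>/dev/null
}

# Deployment check for the web host: the count of secret keys must be 0.
secret_key_count() {   # $1 = GNUPGHOME
  gpg --homedir "$1" --batch --with-colons --list-secret-keys 2>/dev/null \
    | grep -c '^sec' || true
}

# Demo with two throwaway keyrings standing in for the two machines.
OFFLINE=$(mktemp -d); WEB=$(mktemp -d)
make_offline_key "$OFFLINE" "$WEB/billing.pub.asc"
setup_web_keyring "$WEB" "$WEB/billing.pub.asc"
CIPHERTEXT=$(printf '4111111111111111' | encrypt_card "$WEB")  # test number
if printf '%s\n' "$CIPHERTEXT" | decrypt_card "$WEB" >/dev/null; then
  echo "web host can decrypt: key separation is broken"; exit 1
fi
RECOVERED=$(printf '%s\n' "$CIPHERTEXT" | decrypt_card "$OFFLINE")
echo "web secret keys: $(secret_key_count "$WEB"); offline recovered: $RECOVERED"
gpgconf --homedir "$OFFLINE" --kill gpg-agent 2>/dev/null || true
gpgconf --homedir "$WEB" --kill gpg-agent 2>/dev/null || true
```

Only the armored ciphertext would go into the database column; the `secret_key_count` check is the one to run on the web host after every deploy.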

Hull, Dave

Dec 1, 2006, 11:32:17 AM
to django...@googlegroups.com
If you can avoid it at all, don't store any portion of the credit card
holder data. The Payment Card Industry Security Standards doc has all
sorts of wonderful regulations you must follow for dealing with CCs.
There's some great reading here:

https://pcisecuritystandards.org/

If you're able to offload all of this to some third party, you should.
IMHO.

--
Dave

Noah

Dec 1, 2006, 1:18:24 PM
to Django users
It's only for a couple weeks or so until actual online processing
without storing the cards is implemented. It's also fairly likely there
won't be a single order taken IMO...

Noah

Dec 1, 2006, 1:18:58 PM
to Django users
I figured I'd use GPG

Waylan Limberg

Dec 1, 2006, 1:55:26 PM
to django...@googlegroups.com
At the very least make sure you fully disclose that to any potential
customers up front. Of course, that may scare them off for good, so you
may be better waiting to launch when the proper system is in place a
couple weeks from now. Perhaps offer them the option of being put on a
(private) mailing list to announce the launch.

Noah

Dec 1, 2006, 2:18:23 PM
to Django users
I'm not in charge of such decisions. I only write the code.

Jay Parlar

Dec 1, 2006, 2:26:34 PM
to django...@googlegroups.com
On 12/1/06, Noah <noahab...@gmail.com> wrote:
>
> I'm not in charge of such decisions. I only write the code.

Doesn't remove the moral obligation on your part to do something about
it, or refuse the work.

Jay P.

Carl Holm

Dec 2, 2006, 2:33:15 AM
to django...@googlegroups.com
I can also recommend TrustCommerce - they have a reasonable minimum
monthly fee.

- CL
