Credit Card encryption
in [General]
|
From: Paul M Foster on 31 May 2010 21:24 On Mon, May 31, 2010 at 05:06:23PM -0400, tedd wrote: > At 12:36 PM -0400 5/31/10, I wrote: >> That's Okay, but I'm simply telling you what I KNOW to be true. You >> may either accept what I have to say, or reject it, but to reply >> that what I say is "Not true" is somewhat offensive and >> confrontational. I hope you didn't mean it that way. :-) > > My apologies for taking what you said as I did and my reply -- it was > wrong of me. I am sure you didn't mean anything offensive. You are correct. I meant no offense. In turn, when I read your post, it appeared that you were making a blanket statement applicable under all conditions, to which I objected. However, reading back over it, you did insert qualifiers. Paul -- Paul M. Foster
From: Peter Lind on 1 Jun 2010 03:52 Just wondering: seems there's a bit of a misunderstanding going on here. Are you talking about storing credit card information in a way such that customers can do online transactions without entering that information? Or are you talking about storing this information so your own company can fill in the details on a monthly basis? If 1) then the above points apply and you should not store the data, period. If 2) then I would assume the situation is somewhat different - though, not knowing the laws from the US I wouldn't really know. Regards Peter -- <hype> WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 </hype>
From: Paul M Foster on 1 Jun 2010 09:58 On Tue, Jun 01, 2010 at 09:52:54AM +0200, Peter Lind wrote: > Just wondering: seems there's a bit of a misunderstanding going on > here. Are you talking about storing credit card information in a way > such that customers can do online transactions without entering that > information? Or are you talking about storing this information so your > own company can fill in the details on a monthly basis? > If 1) then the above points apply and you should not store the data, > period. If 2) then I would assume the situation is somewhat different > - though, not knowing the laws from the US I wouldn't really know. No to #1, yes to #2. As for #1, companies like Godaddy do store this information, so I know it can be safely done. But no, we do #2. If we were doing #1, I would turn this over to some gateway and not save the info. I'm not sure any of this has to do with laws. It has more to do with the PSS and the rules of individual credit card companies (Visa, American Express, etc.). Paul -- Paul M. Foster
From: Peter Lind on 1 Jun 2010 10:17 On 1 June 2010 15:58, Paul M Foster <paulf(a)quillandmouse.com> wrote: > On Tue, Jun 01, 2010 at 09:52:54AM +0200, Peter Lind wrote: > >> Just wondering: seems there's a bit of a misunderstanding going on >> here. Are you talking about storing credit card information in a way >> such that customers can do online transactions without entering that >> information? Or are you talking about storing this information so your >> own company can fill in the details on a monthly basis? >> Â If 1) then the above points apply and you should not store the data, >> period. If 2) then I would assume the situation is somewhat different >> - though, not knowing the laws from the US I wouldn't really know. > > No to #1, yes to #2. > > As for #1, companies like Godaddy do store this information, so I know > it can be safely done. As I noted above: the question is not whether it can be done, the question is whether you want to be the next critter in the limelight because *you* couldn't do it. However, glad to hear you're not looking to do this. That brings up the next question though: what's this got to do with PHP? If I was to store any information like this, I certainly wouldn't code my own storage system with built-in encryption. I would rely on one of the many adequate cryptography programs available, made specifically for encrypting and storing data safely. Regards Peter -- <hype> WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind BeWelcome/Couchsurfing: Fake51 Twitter: http://twitter.com/kafe15 </hype>
From: tedd on 1 Jun 2010 10:42
At 9:24 PM -0400 5/31/10, Paul M Foster wrote: >On Mon, May 31, 2010 at 05:06:23PM -0400, tedd wrote: > >> At 12:36 PM -0400 5/31/10, I wrote: >>> That's Okay, but I'm simply telling you what I KNOW to be true. You >>> may either accept what I have to say, or reject it, but to reply >>> that what I say is "Not true" is somewhat offensive and >>> confrontational. I hope you didn't mean it that way. :-) >> >> My apologies for taking what you said as I did and my reply -- it was >> wrong of me. I am sure you didn't mean anything offensive. > >You are correct. I meant no offense. In turn, when I read your post, it >appeared that you were making a blanket statement applicable under all >conditions, to which I objected. However, reading back over it, you did >insert qualifiers. > >Paul Okay, let's not get a room over this. :-) Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com |