[4905] in WWW Security List Archive
Re: Setting Up a Server that will Receive CCards
daemon@ATHENA.MIT.EDU (Bruce Davison)
Wed Mar 26 21:31:20 1997
From: "Bruce Davison" <bruce@mail.magna.com.au>
To: webmaster@edusoft.co.il
Date: Thu, 27 Mar 1997 09:24:45 +0000
Reply-to: bruce@apa.net.au
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
When we store the client records on the server, we encrypt the number
with PGP (see http://www.ifi.uio.no/pgp/). Credit card numbers are
never held in the clear on our server. We e-mail the transaction
with the encrypted number to our client for further processing. They
in turn decrypt the number with a plugin for their e-mail package, such
as Pegasus Mail or Eudora.
> From: "Hernan Garber" <webmaster@edusoft.co.il>
> To: www-security@ns2.rutgers.edu
> Date: Tue, 26 Mar 1996 14:07:05 +0000
> Subject: Setting Up a Server that will Receive CCards
> Reply-to: webmaster@edusoft.co.il
> Priority: normal
>
> Hi! Can you help me to find a way to make a Secure Server more
> secure when I'll provide Credit Card transactions?... let's say
> anybody writes down in a form his CC number... it comes to the
> server encrypted, then when that came to the server what should I do?..
> print the order and then delete the Credit Card Number... and just
> keep the name and other data of the customer?... how can I transfer
> the Client info..... from the server to any other computer that will
> be more secure?... maybe send it to a machine inside a Firewall...
> anyway it's not 100% secure...... what other way do you imagine
> can be done to protect the DB containing the CC numbers?..
>
> Thanks for any idea!
> Hernan Garber
>
RamGate Support
support@ramgate.com.au
http://www.ramgate.com.au
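
The arrangement described in the reply above, sketched as an added example that is not part of the original message or the poster's own setup: the web server holds only the recipient's public key, so it can encrypt a card number but cannot read it back. It assumes GnuPG 2.1 or later as a stand-in for the PGP the post refers to; the address `merchant@example.com`, the function names and the test card number are constructed.

```sh
#!/bin/sh
# Added example: every key, address and card number below is constructed.
set -eu

MERCHANT="merchant@example.com"   # hypothetical recipient (the "client" in the post)
CARD="4111111111111111"           # constructed test number, not a real card

# make_keyrings BASE: build two separate GnuPG homes.
#   BASE/merchant  secret + public key, lives only on the merchant's own machine
#   BASE/server    public key only, which is all the web server ever needs
make_keyrings() {
    mkdir -m 700 "$1/merchant" "$1/server"
    gpg --homedir "$1/merchant" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$MERCHANT" 2>/dev/null
    gpg --homedir "$1/merchant" --batch --quiet --armor --export "$MERCHANT" |
        gpg --homedir "$1/server" --batch --quiet --import 2>/dev/null
}

# encrypt_card BASE: runs on the web server; plaintext on stdin, armor on stdout.
# --trust-model always is acceptable only because the admin installed this one key.
encrypt_card() {
    gpg --homedir "$1/server" --batch --quiet --trust-model always \
        --armor --encrypt --recipient "$MERCHANT"
}

# decrypt_card BASE: runs on the merchant's machine, where the secret key is.
decrypt_card() {
    gpg --homedir "$1/merchant" --batch --quiet --decrypt 2>/dev/null
}

# roundtrip_check: returns 0 only if the stored record is armored ciphertext,
# the server keyring cannot decrypt it, and the merchant keyring can.
roundtrip_check() {
    base=$(mktemp -d)
    make_keyrings "$base"
    printf '%s' "$CARD" | encrypt_card "$base" > "$base/order.asc"
    rc=0
    grep -q '^-----BEGIN PGP MESSAGE-----' "$base/order.asc" || rc=1
    if grep -q "$CARD" "$base/order.asc"; then rc=1; fi
    if gpg --homedir "$base/server" --batch --quiet --decrypt \
           "$base/order.asc" >/dev/null 2>&1; then rc=1; fi
    [ "$(decrypt_card "$base" < "$base/order.asc")" = "$CARD" ] || rc=1
    gpgconf --homedir "$base/merchant" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$base/server" --kill gpg-agent 2>/dev/null || true
    rm -rf "$base"
    return "$rc"
}

roundtrip_check && echo "server stores ciphertext only; merchant key decrypts it"
```

The generated key has an empty passphrase only so the example runs unattended; a key used for real orders would be passphrase-protected and generated on the recipient's machine, with just the exported public key copied to the server.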