Full service web hosting, great prices and support. Starts at $1.99/month!
Results 1 to 5 of 5

Thread: credit card encryption in database

  1. #1
    suba
    Guest


    Default credit card encryption in database

    Is there a way to encrypt the CC# in the database? My concern is that the web host employees can access the database and thus could read the CC info there as it's not encrypted?

  2. #2
    osCMax Developer


    credit card encryption in database

    michael_s's Avatar
    Join Date
    Jul 2002
    Location
    Phoenix, AZ
    Posts
    23,014
    Contribute If you enjoy reading the
    content here, click the below
    image to support our site.
    Click Here To Contribute To Our Site

    Total Contributions For

    michael_s     $ 10.00
    Rep Power
    594


    Default

    Not if you are using the default credit card module. You will need to use something like the GPG encryption mod, or a real payment gateway. You can set it to split the card number in half, mailing part to you, storing the other part in the db, but don't fool yourself, that hardly qualifies as secure.

    I recommend NEVER using the default credit card module included with osCommerce. It is not secure.
    Michael Sasek

    osCmax 2.5.4 is now available via auto-installation using Softaculous!

    Stay Up To Date with everything osCMax:
    osCmax on Twitter - Up to the minute info as it happens. Know it first.

    osCmax Documentation

  3. #3
    suba
    Guest


    Default

    Hmm, I agree that the default is not to be trusted. But won't using the GPG mod require offline processing? Is there a way to do online processing (i.e not involving email) for sites that have SSL but having the CC# encrypted in the database?

  4. #4
    osCMax Developer


    credit card encryption in database

    michael_s's Avatar
    Join Date
    Jul 2002
    Location
    Phoenix, AZ
    Posts
    23,014
    Contribute If you enjoy reading the
    content here, click the below
    image to support our site.
    Click Here To Contribute To Our Site

    Total Contributions For

    michael_s     $ 10.00
    Rep Power
    594


    Default

    Suba, even the default CC module requires offline processing.

    If you want to use realtime processing you need to use one of the other payment gateways, like authorizenet. Those do not store the CC# in the db. And, if you do realtime processing, there is not a need to store the CC# in the db. I don't know of any mods that allow both realtime processing and storage of the number.
    Michael Sasek

    osCmax 2.5.4 is now available via auto-installation using Softaculous!

    Stay Up To Date with everything osCMax:
    osCmax on Twitter - Up to the minute info as it happens. Know it first.

    osCmax Documentation

  5. #5
    suba
    Guest


    Default

    I don't mean realtime, just online. ie. I use edit order (I think it's a mod?) to print out the actual order which includes all the information including CC#, and allows auto generation of update emails to the customer.

    Now this is all secure from a transmission point of view via SSL, it's just the database storage I am concerned with. It would be nice not to have a myriad of emails floating around as they are hard to keep track of, whereas the database is compact, easy to backup/seach/index.

    If I install GPG will I lose the ability to use 'edit order' to process the order as the CC info will be encrypted?

    I'm guessing it'd need some sort of GPG via SSL method to work?

Similar Threads

  1. Credit Card problems
    By lem in forum osCMax v1.7 Installation
    Replies: 3
    Last Post: 05-16-2006, 01:50 PM
  2. GPG Credit Card Encryption payment method not showing up.
    By Nocturnaloner in forum osCmax v1.7 Discussion
    Replies: 0
    Last Post: 05-01-2005, 04:09 PM
  3. Credit card processing
    By ksl8313 in forum osCommerce 2.2 Modification Help
    Replies: 4
    Last Post: 02-07-2005, 12:23 AM
  4. Credit Card will not process...HELP!
    By lem in forum osCmax v1.7 Discussion
    Replies: 0
    Last Post: 12-29-2004, 10:04 AM
  5. Credit Card Numbers in the Orders Database
    By ukgoods in forum osCommerce 2.2 Modification Help
    Replies: 1
    Last Post: 07-12-2004, 11:38 AM

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •