Results 1 to 2 of 2

Thread: Encryption

  1. #1
    Join Date
    Dec 1969

    Default Encryption

    I am sorry for the repost, as I posted on Saturday and no one has responded so I thought I would repost.<BR><BR>I have a site that accepts credit cards online. We also store all the users information in our sql server 7.0 database. When a user first comes to our site, they are asked to create a username and password (so they can access all there personal and credit card information later), we then email that person a copy of the user name and password so they can not forget it.<BR><BR>Well you see my problem, is that emailing the username and password would give anyone who intercepted it access to that persons information, so I am wondering if there is a way that I can send a secured email or make it encrypted somwhow. If a person forgets there username and password, there is a pot on our site where they can enter there email address and we automatically send them there username and password, but how can I make it "secured"...<BR><BR>Please help as this is a big security concern...

  2. #2
    Join Date
    Dec 1969

    Default RE: Encryption

    Hi,<BR><BR>Really the only way to make it secure is not to store the CC info on the DB, (I hope you encrypted this info in the DB any way) The best way to handle this to let people enter the info every time they wish to make a purchase and to delete the info after processing the payment and getting approval from whomever you deal with to approve the cards. The liability is way too high if your server gets hacked and the info taken. <BR><BR>The other option is to farm out the processing to a reliable third party and let them worry about the encryption and storage of the data regarding the CC. <BR><BR>If it is just the password info that you want verified then ask the user to remember his/her password. Should they forget, an online form with several questions based on some personal info as registered earlier with a sign up type form can be used to deliver the password back to the browser securely. <BR><BR>But by all keep away from sending sensitive information by email, especially where the users have CC info held by you and this can be used to go shopping.<BR><BR>hth<BR>Bastien

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts