Advanced Search

Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: Storing credit cards...

  1. #1
    Join Date
    May 2006
    Location
    Sydney, Australia - Near the coast.
    Posts
    1,995
    Thanks
    0
    Thanked 8 Times in 7 Posts

    Default Storing credit cards...

    Well, I need to set up this eCommerce system for my cousin.

    What's a secure way of storing credit card transactions? Reversible Encryption? Remote Printing? Or should I just tell him to ring the customer and ask for the details?
    Peter - alotofstuffhere[dot]com - Email Me - Donate via PayPal - Got spare hardware? Donate 'em to me :) Just send me a PM.
    Currently: enjoying the early holidays :)
    Read before posting: FAQ | What you CAN'T do with JavaScript | Form Rules | Thread Title Naming Guide

  2. #2
    Join Date
    Jul 2007
    Location
    California
    Posts
    177
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Default

    If he does enough business, and makes enough money... http://merchantwarehouse.com/credit_...ard+processing

    Something like that could be worth it?

  3. #3
    Join Date
    Sep 2006
    Location
    St. George, UT
    Posts
    2,769
    Thanks
    3
    Thanked 157 Times in 155 Posts

    Default

    I would recommend using a payment gateway such as Paypal, 2Checkout, etc. When messing with Credit Cards and money handling it is always better to use an outside source (in this case, a payment gateway) for it as compared to using a database and a flemsy (spelling?) server-side script.

    Hope this helps.
    "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." - Kristian Wilson, Nintendo, Inc, 1989
    TheUnlimitedHost | The Testing Site | Southern Utah Web Hosting and Design

  4. #4
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,156
    Thanks
    262
    Thanked 690 Times in 678 Posts

    Default

    If they get the data, then they could decrypt it as by that point they would likely have your source code too. I say just make the system secure in the first place.
    The only way that encryption like that would work is if you had a key to it that only he knew. If you had a password that generated a way to decrypt it, that would be helpful.
    But, still, you need to store the data securely. A database is a good idea, I think, as long as it is secure.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  5. #5
    Join Date
    May 2006
    Location
    Sydney, Australia - Near the coast.
    Posts
    1,995
    Thanks
    0
    Thanked 8 Times in 7 Posts

    Default

    Hmm... How would I do a key encryption?
    Peter - alotofstuffhere[dot]com - Email Me - Donate via PayPal - Got spare hardware? Donate 'em to me :) Just send me a PM.
    Currently: enjoying the early holidays :)
    Read before posting: FAQ | What you CAN'T do with JavaScript | Form Rules | Thread Title Naming Guide

  6. #6
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,156
    Thanks
    262
    Thanked 690 Times in 678 Posts

    Default

    I really have no idea.

    Well, I do, but nothing that will directly help you.

    1. Code it yourself.
    2. Look on PHP.net, hoping for some extension that allows this. I'm not currently aware of any functions like that, though.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  7. #7
    Join Date
    May 2006
    Location
    Sydney, Australia - Near the coast.
    Posts
    1,995
    Thanks
    0
    Thanked 8 Times in 7 Posts

    Default

    1. Code it yourself.
    Duh.

    Just point me where to start
    Peter - alotofstuffhere[dot]com - Email Me - Donate via PayPal - Got spare hardware? Donate 'em to me :) Just send me a PM.
    Currently: enjoying the early holidays :)
    Read before posting: FAQ | What you CAN'T do with JavaScript | Form Rules | Thread Title Naming Guide

  8. #8
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,156
    Thanks
    262
    Thanked 690 Times in 678 Posts

    Default

    Go through each character and base it on the password.
    take the md5 of the password, add the ordinal value of the characters to the md5 hash, repeating this every 32 characters. Well, then again, that's just a credit card, so no need to repeat it.
    To decrypt, just do the inverse.
    Or something else. Just be creative, be sure it works every time, and make sure there's no way to fake it.
    It still wouldn't be entirely secure, but it would be helpful.


    EDIT:
    PHP Code:
    <?php

    $pass 
    'test';
    $num '1234123412341234';

    function 
    encrypt($num,$pass) {
        
    $hash substr(md5(md5($pass)),0,16);
        for(
    $n=0;$n<16;$n++) {
        
    $o $num[$n]+ord($hash[$n]);
        
    $out[$n] = $o&#37;10; //PHP PARSER ERROR: #37; should be %.
        
    }
        return 
    implode('',$out);
    }
    function 
    decrypt($num,$pass) {
        
    $hash substr(md5(md5($pass)),0,16);
        for(
    $n=0;$n<16;$n++) {
        
    $o $num[$n]-ord($hash[$n]);
        
    $out[$n] = ($o%10)+10;
        }
        return 
    implode('',$out);
    }

    echo 
    $num."\n";
    echo 
    encrypt($num,$pass)."\n";
    echo 
    decrypt(encrypt($num,$pass),$pass);

    ?>
    Tested, and that works.
    Output:
    1234123412341234
    3058828534429011
    1234123412341234
    Last edited by djr33; 07-27-2007 at 05:44 PM.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  9. #9
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,878
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    For very sensitive details (credit card numbers, security codes), just don't store them at all. Require that the user re-enters them for each new transaction. Most companies do this nowadays; it also provides some protection for the user if the account is compromised.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends franšais | entiendo espa˝ol | t˘i Ýt hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  10. #10
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,156
    Thanks
    262
    Thanked 690 Times in 678 Posts

    Default

    Sure. But you need to store them the first time, so you can actually bill the account. What would you suggest for that?
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •