Technical Support Forums

payment gateway

Thread began 5/21/2009 8:11 pm by gzirfas374932 | Last modified 5/22/2009 2:07 pm by gzirfas374932 | 858 views | 3 replies

tom250037 | Beta Tester

Storing credit card numbers online is tricky. If you encrypt them all with the same key, then the key needs to be stored online, which means that if your server were compromised, a hacker would have access to a database of numbers, and the key to decrypt them.
A system of public and private keys is probably the best, but you could also generate a random key for each sale, and then include that key in the merchant's email.
Look into the MySQL AES_ENCRYPT function.

Do just like Ray suggested: create your cart using something like authorize.net for the gateway, then on the confirm page, locate the code for that gateway, and replace it with your own function. Something like this pseudocode:

create random key (maybe a 12 character long random string)
update tablename set cardNumber=AES_ENCRYPT(cardnum,randomkey) where id=cartID
(Actually, it's a good idea to encrypt all card data, like cvc code and expiration date, as well.)


Then in the email block, include that randomkey in the email, and in the admin, when they access the account, you can have them enter that key to decrypt the card number.

And as always, it's a good idea to have a function that lets them delete the card data after they download it.

As another added layer of security, you could store only the card number in a table by itself (just the card number, and the autoincrement id for that table), and then include in the merchant email the id that ties the entry in the credit card table to the customer in the orders table.

The downside to this system is that if the email doesn't make it to the merchant, then it is not possible to decrypt the card data.

Hope that helps.

Tom
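The per-sale key flow described in the post above, written out as MySQL statements. This is an added example, not code from the original post or from WebAssist; the table, column and variable names are hypothetical, the card number is a constructed test value, and it assumes MySQL 5.6.17 or later for RANDOM_BYTES and a full 16-byte key rather than the 12-character string the post mentions.

```sql
-- Card table on its own: only an auto-increment id and the ciphertext.
-- Nothing in the orders table points at it; the link travels by email.
CREATE TABLE card_vault (
  id       INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  card_enc VARBINARY(64) NOT NULL
);

-- 1. Confirm page: generate a fresh 128-bit key for this sale only.
--    With the default block_encryption_mode (aes-128-ecb) no IV is needed.
SET @sale_key = RANDOM_BYTES(16);

INSERT INTO card_vault (card_enc)
VALUES (AES_ENCRYPT('4111111111111111', @sale_key));  -- constructed test number

SET @vault_id = LAST_INSERT_ID();

-- 2. Email block: these two values go into the merchant email.
--    The key is never written to any table on the server.
SELECT @vault_id AS vault_id, HEX(@sale_key) AS key_for_email;

-- 3. Admin page: the merchant types in the id and the hex key from the email.
--    In an application both arrive as bound parameters; here the round trip
--    through HEX/UNHEX stands in for the merchant's input.
SET @entered_key = UNHEX(HEX(@sale_key));

SELECT CAST(AES_DECRYPT(card_enc, @entered_key) AS CHAR) AS card_number
FROM card_vault
WHERE id = @vault_id;

-- A wrong key normally makes AES_DECRYPT return NULL (bad padding), but it
-- can occasionally return garbage bytes, so validate the result (digits only,
-- expected length) before showing it to the merchant.
SELECT AES_DECRYPT(card_enc, RANDOM_BYTES(16)) IS NULL AS wrong_key_gave_null
FROM card_vault
WHERE id = @vault_id;

-- 4. After the merchant has downloaded the number, delete the row.
DELETE FROM card_vault WHERE id = @vault_id;
```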
