[Gllug] OT : Credit cards in a MySQL Database

Liam Delahunty ldelahunty at britstream.com
Tue Jun 17 11:47:07 UTC 2003


>I'm busy developing an e-commerce site that takes cash bookings that is
>secured via a credit card number.

>How can I safely save credit card details in MySQL ? or any other sensitive
>information ? encryption ??

>Also, any online transaction clearing companies that you lot worked with
>that is good ? Anyone worked with WorldPay ?

We've done online shops for real retailers and for internet only operations.
So we've had a little experience with both ends of the stick.

You may like to know that some banks can now provide their own worldpay-like
interface (I know HSBC do), which may be cheaper than using worldpay
themselves; we've used worldpay for a client in the past and they were happy
with it.

Essentially you just shove them off to the worldpay site for the CC details
having taken the delivery address and worked out the final cost; WP validate
and then return an authentication code, so now you can then say "ta".

Typically, worldpay send you and the customer an email, and you'll probably
generate an email too. All quite simple, but if your client is already a
retailer then they may wish to use existing PDQs (assuming they have an
agreement from their bankers), so you will need to store CC details, if only
temporarily.

Now here's the rub. If you store the card in plain you are being a little
bit silly. However, if you encrypt (with say gnupg), then (as far as I
understand it) you could be allowing (clever) others to decrypt with your
private key. So we encrypt with a public key, the private is never on the
server. So you can decrypt it later off the server.

However... this means that the customer can't then easily log in for a
repeat order and not have to reinput the CC details. So for that, we're now
going to store a plain text version of the first 6 digits, card type and
expiry date. The customer can easily see, "yes that's the card I want used",
but we haven't got a real plain text version of the full number stored, but
can look it up later (obviously assuming the private key still valid).

There are issues with this, as CC numbers only have to conform to the Luhn
10 test, so it's fairly easy to generate a series of numbers that pass the
test, so if someone did get the plain data, they could generate a series of
valid numbers, one of which would be the real number. But the likelihood of
that is incredibly small; we've chosen the first 6 as the first four numbers
are all supplier specific anyway, 4929 for Barclaycard etc, so all we're
really adding to the mix is another two numbers.

Anyway, hope that's provided some food for thought.

Kind regards,
Liam Delahunty


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
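The storage split Liam describes (full card number only ever encrypted to a public key whose private half stays off the server, plus a plaintext stub of the first six digits, card type and expiry for the customer to recognise), written up as an added Python example. This is not code from the original post or from any project it mentions: the Luhn check, the `split_for_storage` record builder and the `luhn_candidates_sharing_prefix` risk figure are my own; the gnupg public-key encryption step is left outside the block, which only returns the value that step would receive. The sample card number is constructed (4929 prefix from the post, the rest chosen to pass Luhn) and is not a real account.

```python
"""Card-detail storage split as described on the list: keep the full PAN only
in public-key-encrypted form (the gnupg call sits outside this block) and a
short plaintext stub that a returning customer can recognise.

Added example, not code from the original post.
"""
from dataclasses import dataclass
from typing import Tuple


def luhn_valid(pan: str) -> bool:
    """Luhn (mod 10) check: from the right, double every second digit,
    subtract 9 from any doubled value above 9, sum, and require a multiple
    of 10. Returns False for anything that is not a string of digits."""
    if not pan.isdigit() or len(pan) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # odd positions from the right are doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class StoredCard:
    """Plaintext columns that are safe to show back to the customer:
    first six digits, card type, expiry and a masked display string."""
    bin6: str
    card_type: str
    expiry: str
    display: str


def split_for_storage(pan: str, card_type: str, expiry: str) -> Tuple[StoredCard, str]:
    """Validate the PAN and split it into (plaintext stub, secret).

    The stub is what goes into MySQL in clear; the secret (the full PAN) is
    what the caller hands to the public-key encryption step, so the clear
    number never needs to be written to the database at all."""
    pan = pan.replace(" ", "")
    if not 13 <= len(pan) <= 19:
        raise ValueError("card number length out of range")
    if not luhn_valid(pan):
        raise ValueError("card number fails the Luhn check")
    display = pan[:6] + "*" * (len(pan) - 6)
    stub = StoredCard(bin6=pan[:6], card_type=card_type, expiry=expiry, display=display)
    return stub, pan


def luhn_candidates_sharing_prefix(pan_length: int, prefix_length: int) -> int:
    """How many Luhn-valid PANs of pan_length digits share a known prefix.

    Every choice of the unknown non-check digits admits exactly one check
    digit, so the count is 10 ** (unknown digits - 1). This quantifies the
    post's point that a leaked six-digit stub narrows a 16-digit card to
    one in a billion, which is why storing only the stub is acceptable."""
    unknown = pan_length - prefix_length
    if unknown < 1:
        raise ValueError("prefix must be shorter than the card number")
    return 10 ** (unknown - 1)


if __name__ == "__main__":
    # Constructed sample, not a real card: 4929 prefix as in the post.
    stub, secret = split_for_storage("4929 0000 0000 0000", "Barclaycard", "06/05")
    print("store in clear:", stub)
    print("encrypt with the public key, never store in clear:", secret)
    print("Luhn-valid cards sharing the 6-digit stub:",
          luhn_candidates_sharing_prefix(16, 6))
```

The figures from `luhn_candidates_sharing_prefix` are only a ceiling on what the stub reveals; the post's real protection is that the ciphertext column is useless without a private key that is never on the web server, so the stub plus ciphertext together are no worse than the stub alone.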