Best practices for storing credit card info?
This is a discussion on Best practices for storing credit card info? within the Oracle Miscellaneous forums, part of the Oracle Database category; --> Hello, We are running an ecommerce application using Oracle 8.1.7 enterprise server. What are the best practices when it ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-07-2008, 10:47 PM
| ||||
| ||||
 Best practices for storing credit card info? Hello, We are running an ecommerce application using Oracle 8.1.7 enterprise server. What are the best practices when it comes to storing credit card information? We want the user to be able to specify whether or not they want their credit card info stored so that it can be there when they return. We are on Solaris using a WebLogic front end. Thanks, - Dave      |
|
04-07-2008, 10:47 PM
| |||
| |||
| Re: Best practices for storing credit card info? D. Alvarado (laredotornado@zipmail.com) wrote: : Hello, : We are running an ecommerce application using Oracle 8.1.7 : enterprise server. What are the best practices when it comes to : storing credit card information? We want the user to be able to : specify whether or not they want their credit card info stored so that : it can be there when they return. : We are on Solaris using a WebLogic front end. If you're in Canada there are specific legal requirements you must fulfil if you wish to store this kind of data, so if you're in Canada then check those first. A lawyer would be the expensive way to find what they are, though I assume there are other ways to look up the legal requirements that cost nothing. (otherwise I have no specific answer) |
|
04-07-2008, 10:47 PM
| |||
| |||
| Re: Best practices for storing credit card info? laredotornado@zipmail.com (D. Alvarado) wrote in message news:<9fe1f2ad.0411090647.6e69653d@posting.google. com>... > Hello, > We are running an ecommerce application using Oracle 8.1.7 > enterprise server. What are the best practices when it comes to > storing credit card information? We want the user to be able to > specify whether or not they want their credit card info stored so that > it can be there when they return. > > We are on Solaris using a WebLogic front end. > > Thanks, - Dave ENCRYPT the data in the database! Use SSL in the web page so that the number is not transmitted in plain text over the web. Purge the data if it is not used in some time period. HTH -- Mark D Powell -- |
|
04-07-2008, 10:49 PM
| ||||
| ||||
| Re: Best practices for storing credit card info? D. Alvarado wrote: > Hello, > We are running an ecommerce application using Oracle 8.1.7 > enterprise server. What are the best practices when it comes to > storing credit card information? We want the user to be able to > specify whether or not they want their credit card info stored so that > it can be there when they return. > > We are on Solaris using a WebLogic front end. > > Thanks, - Dave DBMS_OBFUSCATION_TOOLKIT. Possibly keep the last four digits separate in clear text for verification purposes. Not definitely ... just possibly. -- Daniel A. Morgan University of Washington damorgan@x.washington.edu (replace 'x' with 'u' to respond) |
Linear Mode
