"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:0n********************************@4ax.com...
It's almost impossible to keep them secure even if they are encrypted,
because somone else has total control over the machine. Encryption
makes it difficult - but where would you store the key to decrpyt the
numbers?
I was thinking the key to decrypt would have to be entered by the user. It
couldn't be stored. So basically, if you wanted to have an automatic
monthly payment, somebody would need to go to the "processing" page, enter
the key, and let the page run through all the charge transactions.
Actually, another thing I was thinking; if you use SSL, that only secures
the connection during transfer right? So the server has unsecure access ...
but this would mean an unscrupulous hosting company or employee could be
logging CC info anyway. Actually, would that information be logged
somewhere on the server by default?
Is that correct? If so, ecommerce /w a web-host is inherintly unsafe.
The more I think about this better idea I think a 3rd party processing
company is.
Regards,
John