Subject RE: [firebird-support] Querying Encrypted fields?
Author Kevin Lingofelter
Hello,

Is the encrypted number stored as ASCII? If so, you could just index the
encrypted CC number. When you want to query against it, encrypt the CC
number in the client and pass the encrypted result as a parameter to the
procedure (or query).

Perhaps I am missing something, but this seems like it should work.

Kevin Lingofelter

-----Original Message-----
From: Lee Jenkins [mailto:lee@...]
Sent: Monday, August 30, 2004 9:46 PM
To: firebird-support@yahoogroups.com
Subject: RE: [firebird-support] Querying Encrypted fields?



> I'm quite sure there are many many databases around with no encryption
> of CC details.
> Not sure what info you have on "Visa/Mastercard regulations dictate"..
> do you have a link?
> They can't make it illegal not to.. they only have your best efforts to
> request of you. If you provide good protection for the database as a whole
> this may be sufficient. But I'm not sure why a restaurant would need to keep
> CC details on record.. they should only use them and get rid of them....
> Alan
>

http://usa.visa.com/media/business/cisp/Level_3_Merchant_Compliance_Questionnaire.pdf

http://usa.visa.com/business/merchants/cisp_index.html


Yes, there are POS software vendors that do not encrypt CC data. As a
matter of fact, I know of one in particular (a competitor) that did not
encrypt CC data. One of the restaurant's employees got into the database,
extracted credit card numbers and went on a spending spree. Well, the guy
is doing time as we speak. Unfortunately, AmEx also went after the POS
software vendor as well and the suit is still on-going last I heard.

You're correct, normally restaurants DO NOT need to retain credit card info.
Just need to keep it long enough to perform a post authorization of a
previously pre-authorized transaction with tip, if any.

However, we've recently entered the Resort/Hotel market with our new
Micros/Fidelio standard interface and the hotels want to have access to the
credit card numbers for auditing purposes. Even then, they are only kept in
the database for 90 days and deleted during that day's current End of Day
procedures. Also, some restaurants also need to retain cc data for a short
period such as restaurants that perform catering services.

Cheers,

Lee
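
Added example, not part of the original messages and not code from either poster: the lookup Kevin describes at the top of this message only works when the same card number always produces the same stored value, so this sketch computes a deterministic keyed token in the client and queries an indexed column with it. Assumptions: HMAC-SHA256 is swapped in as the deterministic transform (the thread does not name a cipher), Python's sqlite3 stands in for Firebird, and the key, table, column and function names are hypothetical.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key (assumption): in practice it is held by the client or
# application tier, never stored in the database it protects.
INDEX_KEY = b"constructed-demo-key"


def normalize(pan: str) -> str:
    """Keep ASCII digits only, so differently formatted input yields one token."""
    return "".join(ch for ch in pan if ch in "0123456789")


def lookup_token(pan: str, key: bytes = INDEX_KEY) -> str:
    """Deterministic keyed transform: same number + same key -> same ASCII hex."""
    return hmac.new(key, normalize(pan).encode("ascii"), hashlib.sha256).hexdigest()


def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # cc_token is the indexed lookup column; the reversible ciphertext of the
    # card number would sit in its own column and is left out here.
    db.execute("CREATE TABLE payments (id INTEGER PRIMARY KEY,"
               " cc_token TEXT NOT NULL, amount_cents INTEGER NOT NULL)")
    db.execute("CREATE INDEX idx_payments_cc_token ON payments (cc_token)")
    return db


def record_payment(db: sqlite3.Connection, pan: str, amount_cents: int) -> None:
    db.execute("INSERT INTO payments (cc_token, amount_cents) VALUES (?, ?)",
               (lookup_token(pan), amount_cents))


def find_payments(db: sqlite3.Connection, pan: str) -> list:
    # The client computes the token and passes it as a query parameter;
    # the server only ever compares tokens.
    rows = db.execute("SELECT amount_cents FROM payments WHERE cc_token = ?"
                      " ORDER BY id", (lookup_token(pan),))
    return [row[0] for row in rows]


def demo() -> dict:
    db = build_db()
    record_payment(db, "4111 1111 1111 1111", 1250)   # constructed test numbers
    record_payment(db, "5555-5555-5555-4444", 4000)
    record_payment(db, "4111-1111-1111-1111", 900)
    return {"visa": find_payments(db, "4111111111111111"),
            "unknown": find_payments(db, "4000000000000002")}


if __name__ == "__main__":
    print(demo())
```

Equal tokens show which rows share a card, and anyone holding the key can test candidate numbers against the column, so the key needs the same protection as the card data itself.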








