Guest
Posted May 7, 2003

California has passed a law that will take effect July 1, 2003 that governs all e-commerce sites doing business in California (all of us). For more details see: http://www.securityfocus.com/news/1984.

The most important result of the law is that companies can be legally liable for damages if they store sensitive personal information such as credit card numbers in a database and that database is stolen/hacked/compromised. One of the implications of the law is that companies should encrypt sensitive personal data such as credit card numbers. That way, even if a database is hacked, this sensitive data will remain (more or less) secure.

I think OSC should only store credit card numbers (orders table, cc_number column) in an encrypted format.

Sortii
Posted May 11, 2003

The ROT13 loophole?

An exception in the law says companies don't have to disclose a breach if the stolen data was stored in an encrypted form. But it doesn't say the encryption has to be strong. "If someone were to hack into the system... obtain the encrypted contents, and are able to unencrypt them, does that trigger the disclosure requirements?," asks Pink. "As I read the legislation, that's not entirely clear."

http://dictionary.reference.com/search?q=cipher

With that in place all you need do is 'encrypt' it with a system like this:

CC# 1234567890
crappybackcipher system encoded:
CC# 0987654321

:)

-Sorti
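
The point of the post above, as an added example that is not part of the original thread: a keyless transform such as reversing the digits is undone by anyone who holds the stolen column. This Python audit sketch (the decoder list, function names and sample rows are constructed for illustration) flags stored values that turn into Luhn-valid card numbers without any key.

```python
import base64

def luhn_ok(s):
    """True if s is 13-19 ASCII digits that pass the Luhn checksum."""
    if not (s.isascii() and s.isdigit() and 13 <= len(s) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(s)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _rot5(s):
    # Digit analogue of ROT13; applying it twice restores the input.
    return "".join(str((int(c) + 5) % 10) if c in "0123456789" else c for c in s)

def _b64(s):
    try:
        return base64.b64decode(s, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

# Transforms that need no key: anyone with the stolen column can undo them.
KEYLESS_DECODERS = [
    ("plaintext", lambda s: s),
    ("reversed", lambda s: s[::-1]),
    ("rot5", _rot5),
    ("base64", _b64),
]

def audit_value(stored):
    """Name of the first keyless decoding that yields a Luhn-valid number, else None."""
    for name, decode in KEYLESS_DECODERS:
        candidate = decode(stored)
        if candidate is not None and luhn_ok(candidate):
            return name
    return None

def audit_column(rows):
    """Map row id -> finding for every value recoverable without a key."""
    findings = {}
    for row_id, value in rows:
        hit = audit_value(value)
        if hit:
            findings[row_id] = hit
    return findings

# Constructed sample rows; 4111111111111111 is a widely used test number.
TEST_PAN = "4111111111111111"
SAMPLE_ROWS = [
    (1, TEST_PAN),
    (2, TEST_PAN[::-1]),
    (3, _rot5(TEST_PAN)),
    (4, base64.b64encode(TEST_PAN.encode()).decode()),
    (5, "c2a7f09e31d84b6a5e0f7712"),  # constructed stand-in for keyed ciphertext
]
```

A hit means the stored value offers no protection if the table is stolen; a miss only means none of these keyless transforms applies, not that the encryption in use is strong.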

Starkness
Posted May 27, 2003

Can someone post a link here where I can find details on cc encryption for oscommerce?

Thanks!

Starkness

gpraceman
Posted June 2, 2003

"Can someone post a link here where I can find details on cc encryption for oscommerce?"

You can try out this contribution, which includes encrypting the credit card number, http://www.oscommerce.com/community/contributions,1148.

I only used the encryption/decryption part of this contrib since I use the ECHO payment contrib for the processing and not the CC feature in OSC. So far I have had no problems with it.

Awana Grand Prix and Pinewood Derby racing - Where a child, an adult and a small block of wood combine for a lot of fun and memories.

This topic is now archived and is closed to further replies.