Posted by trlists on 10/10/60 11:13
On 14 Apr 2005 Chris Shiflett wrote:
> When a user enters a credit card number, there may likely be a
> verification step before the actual purchase is made. It's better to
> keep this number on the server (in the session data store) than to
> unnecessarily expose it over the Internet again (SSL mitigates the risk,
> but an unnecessary risk is still worth avoiding).
>
> Being mindful of this, it's also helpful to not even display it to the
> user, instead showing only the last four digits or something, because
> this display also counts as exposure (since it's in the response).
There is one case where redisplaying the number (via https) makes sense
to me -- when it fails a verification check. The obvious example is a
simple check-digit error due to a typing error on the user's part. In
this case the option is either expecting the user to retype the entire
number every time they make a mistake, or accepting the -- to me
minimal -- risk in sending it back for editing when redisplaying the
form and error message. But doing that does require putting the CC #
in some form into session storage (or some kind of storage) in the case
where the processing / validation and display scripts are separate and
the processing script needs to pass posted data back for redisplay.
Re last four digits, I have noticed that many sites seem to be going to
showing the last five or six, first four plus last four, etc.
Apparently people are finding that last four alone isn't sufficient for
users to recognize the card.
--
Tom
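The check-digit failure and the masked redisplay the thread talks about, as an added example that is not part of either post: a Luhn check-digit test (the "simple check-digit error" case), a masking helper that can show last four or first-four-plus-last-four, and a small decision function that echoes the typed value back only when the check digit fails and otherwise returns a masked form. The function names and the sample numbers are assumptions constructed for illustration; 4111111111111111 is the widely used Visa test number, not a real account.

```python
"""
Luhn check-digit validation and card-number masking.

Added example, not code from the original thread. Function names
(normalize, luhn_valid, mask_card, echo_for_form) and the sample
numbers are assumptions constructed for illustration.
"""

import re


def normalize(raw: str) -> str:
    """Strip the spaces and dashes users commonly type between digit groups."""
    return re.sub(r"[\s-]", "", raw)


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn check-digit test.

    Luhn detects every single-digit typo and every adjacent transposition
    except 09 <-> 90, which is exactly the class of user error the post
    wants to catch before the number is sent to the payment processor.
    """
    digits = normalize(number)
    # Card numbers are 12 to 19 ASCII digits; reject anything else outright.
    if not re.fullmatch(r"[0-9]{12,19}", digits):
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_card(number: str, first: int = 0, last: int = 4) -> str:
    """Reveal only the first `first` and last `last` digits; the rest become '*'.

    mask_card(n) gives the usual last-four display; mask_card(n, 4, 4) gives
    the "first four plus last four" variant mentioned in the post.
    """
    digits = normalize(number)
    if first + last >= len(digits):
        raise ValueError("mask would reveal the whole number")
    hidden = "*" * (len(digits) - first - last)
    tail = digits[len(digits) - last:] if last else ""
    return digits[:first] + hidden + tail


def echo_for_form(typed: str) -> tuple[bool, str]:
    """Decide what goes back into the HTML form after the server-side check.

    This is the trade-off the post describes: if the check digit fails (a
    typing error), return the typed value so the user can correct it instead
    of retyping everything; once it passes, the full number stays in the
    server-side session store and only a masked form is ever put in a response.
    Returns (passed_check, value_to_display).
    """
    if luhn_valid(typed):
        return True, mask_card(typed)
    return False, typed


if __name__ == "__main__":
    for sample in ("4111 1111 1111 1111", "4111-1111-1111-1112"):
        ok, shown = echo_for_form(sample)
        print(f"{sample!r}: check {'passed' if ok else 'failed'}, display {shown!r}")
```

The second sample differs from the first only in its last digit, so it fails the Luhn check and is returned for editing; the first passes and comes back as `************1111`, which is what the response should carry once the real number lives in the session store.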