[AccessD] Transactions

Mark A Matte markamatte at hotmail.com
Fri Sep 7 09:55:53 CDT 2007


Arthur,

I recently wrote an encryption/decryption module for credit card numbers.  I 
can't give specifics on how I did it...but I can share that the 'reviewing 
authority'...some group hired to say "Yes, this is sufficient 
encryption...or NO it's not"...did like the fact that the CC# was never 
stored in any DB unencrypted.  The app reads the CC from an unbound field, 
encrypts it...and stores the encrypted value (also the last four for 
reference purposes).  When they need to view the CC#, it is decrypted and 
displayed in an unbound field.  The 2nd thing they liked was that the code to do 
this was not in the DB...it was saved as a library and referenced...

I basically converted the CC# into a 10 digit Alpha-numeric string using an 
'algorithm'

Hope it's helpful.

Thanks,

Mark A. Matte


>From: "Arthur Fuller" <fuller.artful at gmail.com>
>Reply-To: Access Developers discussion and problem 
>solving<accessd at databaseadvisors.com>
>To: "Access Developers discussion and problem 
>solving"<accessd at databaseadvisors.com>
>Subject: Re: [AccessD] Transactions
>Date: Fri, 7 Sep 2007 05:23:13 -0400
>
>This would appear to be an appropriate thread in which to present my
>question, rather than beginning a new thread. The app I have just developed
>is for a very small market niche (in fact, so far as I have determined, said
>niche contains only one competitor, and my client is so unhappy with said
>competitor's product that she commissioned me to write a replacement). All
>that aside, there is the issue of credit cards.
>
>It's simple enough to mask the content of the credit card column so that
>only the last four numbers show, but the data is still there, naked as it
>were, and subject to the aforementioned "link tables" attack. This app uses
>an MDB as its back end (so far). I know what to do if the BE is SQL Server
>(encrypt the column), but I am not sure what to do in the case of an MDB BE.
>The firm's accountant is concerned with this data being potentially
>available to leakage (either a disgruntled employee or an internet
>penetration). Perhaps a code algorithm to scramble and unscramble the
>numbers will suffice. I'm not sure. Any thoughts from the esteemed
>readership here?
>
>A.
>--
>AccessD mailing list
>AccessD at databaseadvisors.com
>http://databaseadvisors.com/mailman/listinfo/accessd
>Website: http://www.databaseadvisors.com
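
The pattern described in the message above (encrypt before the value reaches a table, keep the last four separately, decrypt only for display), as an added Go example; it is not the poster's module or algorithm, which the message does not disclose, and it substitutes standard AES-256-GCM. `CardRow`, `SealCard`, `OpenCard`, the row-ID binding and the sample card number are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// CardRow is what would be written to the table: ciphertext, nonce and last four, never the plaintext number.
type CardRow struct {
	Nonce, Sealed []byte
	LastFour      string
}
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// SealCard encrypts the number. rowID is bound as associated data (an assumption of this
// example), so a ciphertext copied into another row fails authentication on decrypt.
func SealCard(key []byte, rowID, pan string) (CardRow, error) {
	aead, err := newAEAD(key)
	if err != nil || len(pan) < 13 || len(pan) > 19 {
		return CardRow{}, fmt.Errorf("bad key (%v) or card number length %d", err, len(pan))
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce for every encryption
	if _, err := rand.Read(nonce); err != nil {
		return CardRow{}, err
	}
	return CardRow{nonce, aead.Seal(nil, nonce, []byte(pan), []byte(rowID)), pan[len(pan)-4:]}, nil
}
// OpenCard decrypts for display; tampered data, a wrong key or a wrong rowID returns an error.
func OpenCard(key []byte, rowID string, row CardRow) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	pt, err := aead.Open(nil, row.Nonce, row.Sealed, []byte(rowID))
	return string(pt), err
}
func main() {
	key := make([]byte, 32) // constructed demo key; a real key is kept outside the database file
	rand.Read(key)
	row, _ := SealCard(key, "cust-1", "4111111111111111") // constructed test number
	pan, err := OpenCard(key, "cust-1", row)
	fmt.Println(row.LastFour, len(row.Sealed), pan, err)
}
```
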
