Safety in Numbers
By Brian Jepson
Using protocols like the Secure Sockets Layer (SSL) to transfer credit card numbers and other personal information to and from your site can greatly reassure security-conscious customers. Yet transfer protocols secure data only while it's en route. Once the data is on your server, it's much more difficult to ensure its safety.
Consider a Web site hosted on a virtual server with 100 other Web sites. Where do credit card numbers go after customers submit orders? There are three common storage methods for customer data: email messages, flat files, and databases. Each one has its disadvantages.
Email is perhaps one of the most basic ways to receive and store credit card numbers. Many smaller companies have their order forms feed into a script that packages customer data into an email message. The message gets sent to someone in the company who later processes the order manually. If your company uses this method, hopefully your business practices require you to encrypt each message before transit and during storage. If not, consider how many machines your email travels across before it reaches its destination. How long does the email sit in your inbox before someone on your staff reads it? If someone accesses your email while it's in transit or while it's sitting in plain view on your desktop, you could be in for big trouble, legally and financially. For that reason, you should always assume that plain email is insecure.
Small and mid-level sites often use flat files as simple substitutes for larger, expensive databases. Suppose you store the credit card numbers and transaction identifiers as comma-separated values in a flat file.
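The following is an added example, not code from the article, that makes the flat-file scenario concrete. It writes the comma-separated record just described in two ways: once exactly as the text says (full card number, default file permissions, which on a shared virtual server often means other accounts can read it), and once in a hardened form that keeps only a masked number plus a keyed token and creates the file readable by its owner alone. The sample orders, the card numbers (standard test values) and the key location are all constructed for the example; the hardened variant assumes the manual processing step does not need the full number back from this file.

```python
"""Added example (not from the article): two ways of writing the order record
described above to a flat file.  write_plain_csv does what the text describes
(full card number, comma-separated, default permissions); write_masked_csv
keeps only what a later reconciliation step needs (masked number, keyed token)
and creates the file owner-read/write only.  All order data is constructed."""
import csv
import hashlib
import hmac
import os
import stat
import tempfile

# Constructed sample orders: (transaction id, card number).  The numbers are
# well-known test values, not real accounts.
SAMPLE_ORDERS = [
    ("TXN-0001", "4111111111111111"),
    ("TXN-0002", "5500000000000004"),
]


def mask_pan(pan: str) -> str:
    """Keep only the last four digits, e.g. '************1111'."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return "*" * (len(digits) - 4) + digits[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 of the card number.  Lets staff recognise repeat
    orders from the same card without the number itself being on disk.
    The key is assumed (hypothetically) to be kept outside the web root."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def write_plain_csv(path: str, orders) -> None:
    """The flat-file scheme the text describes: full numbers, default mode."""
    with open(path, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["txn_id", "card_number"])
        for txn, pan in orders:
            writer.writerow([txn, pan])


def write_masked_csv(path: str, orders, key: bytes) -> None:
    """Hardened variant: no full card number reaches the file, and the file
    is created with mode 0600 so other accounts on a shared host cannot
    read it (os.open applies the mode atomically at creation time)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["txn_id", "card_masked", "card_token"])
        for txn, pan in orders:
            writer.writerow([txn, mask_pan(pan), pan_token(pan, key)])


def file_leaks_pan(path: str, orders) -> bool:
    """Audit check: does any full card number appear verbatim in the file?"""
    with open(path) as fh:
        content = fh.read()
    return any(pan in content for _, pan in orders)


def file_mode(path: str) -> int:
    """Permission bits of the file, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> dict:
    """Write both files into a temporary directory and report what an
    auditor would find in each."""
    key = os.urandom(32)  # constructed key; a real one would be managed off-host
    tmpdir = tempfile.mkdtemp()
    plain = os.path.join(tmpdir, "orders_plain.csv")
    masked = os.path.join(tmpdir, "orders_masked.csv")
    write_plain_csv(plain, SAMPLE_ORDERS)
    write_masked_csv(masked, SAMPLE_ORDERS, key)
    return {
        "plain_leaks": file_leaks_pan(plain, SAMPLE_ORDERS),
        "masked_leaks": file_leaks_pan(masked, SAMPLE_ORDERS),
        "masked_mode": file_mode(masked),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the point the text is building toward: the plain file contains every card number verbatim, while the masked file contains none of them and is unreadable to other users on the same machine. The token is keyed so that someone who copies the file cannot simply hash candidate numbers to recover them; the key itself must not sit in the same directory, or the separation buys nothing.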