How to Store Sensitive Information More Securely
For the latest version of Commerce Server 2007 Help, see the Microsoft Web site.
By default, Commerce Server does not persist credit card numbers or personal identification numbers (PINs) to a database. If you extend Commerce Server to store credit card numbers or other sensitive information in the Basket object or other objects, do not store that information as unencrypted text, because doing so might compromise its security. Instead, consider one of the options described below.
Although the procedures below describe storing credit card information, you can extend these procedures for storing any sensitive information.
Improving the Security of Sensitive Information if You Process Payments in Real Time
The following procedure provides guidelines for storing sensitive information more securely if you process payments from your site code:
1. Configure the profile service to use encryption by providing both a public key and a private key.
2. Store the credit card information in the Credit Card profile.
3. Store the GUID of the Credit Card profile in the Basket object. If your site will display the last four digits of the credit card number, store the last four digits in the Basket object also.
4. Before you run a pipeline on the Basket object, use the GUID that you stored in the previous step to retrieve the credit card information from the Credit Card profile, and add the credit card information to the Basket object. Because the Profiles System has both the public key and the private key, it returns the credit card information as unencrypted text.
5. Run the Checkout pipeline to process the order and authorize the credit card payment.
If you need to store the credit card information with the OrderForm object, store the GUID of the Credit Card profile, the last four digits of the credit card, and the transaction ID instead.
In this scenario, the credit card information is never stored in the database in unencrypted text. Therefore, you do not need to encrypt the Orders database.
Improving the Security of Credit Card Numbers If You Process Payments Offline
The following procedure provides guidelines for storing credit card information more securely if you process payments offline:
1. Configure the profile service to use encryption by providing only a public key.
   Important Note: Do not configure the profile service with a private key.
2. Configure the back-end system that processes credit card payments with the private key.
3. From your site code, store the credit card information in the Credit Card profile.
4. Before you run a pipeline on the Basket object, fetch the credit card information from the Credit Card profile and store it in the Basket object. Because the Profiles System does not have the private key, it returns the credit card information in an encrypted format.
5. In the back-end system that processes credit card payments, use the private key to decrypt the credit card information with the RSA public key encryption algorithm before processing the payment.
In this scenario, the credit card information is never stored in the database in unencrypted text. Therefore, you do not need to encrypt the Orders database.
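The key separation in the offline procedure can be illustrated with the following added example, which is not Commerce Server code and does not call the profile service. It uses the general-purpose .NET RSA class with OAEP padding and assumes a modern .NET runtime; the class name, method names, and card number are constructed for the illustration, and in a real deployment the two methods run on separate systems.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration: generic .NET RSA, not the Commerce Server profile service.
static class OfflinePaymentKeySplit
{
    // Web tier: holds only the public key, so it can encrypt but never decrypt.
    static byte[] EncryptOnWebTier(RSAParameters publicKey, string cardNumber)
    {
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportParameters(publicKey);
            return rsa.Encrypt(Encoding.ASCII.GetBytes(cardNumber), RSAEncryptionPadding.OaepSHA256);
        }
    }

    // Back-end payment system: the only tier configured with the private key.
    static string DecryptOnBackEnd(RSAParameters privateKey, byte[] cipherText)
    {
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportParameters(privateKey);
            return Encoding.ASCII.GetString(rsa.Decrypt(cipherText, RSAEncryptionPadding.OaepSHA256));
        }
    }

    static void Main()
    {
        const string cardNumber = "4111111111111111"; // constructed test number
        RSAParameters publicOnly, fullKey;
        using (RSA keyPair = RSA.Create(2048))
        {
            publicOnly = keyPair.ExportParameters(false); // deployed to the web tier
            fullKey = keyPair.ExportParameters(true);     // deployed to the back end only
        }

        byte[] stored = EncryptOnWebTier(publicOnly, cardNumber);
        string lastFour = cardNumber.Substring(cardNumber.Length - 4);
        Console.WriteLine("Stored: last four {0}, {1} ciphertext bytes", lastFour, stored.Length);

        // A compromise of the web tier yields ciphertext and a public key only.
        try { DecryptOnBackEnd(publicOnly, stored); }
        catch (CryptographicException) { Console.WriteLine("Web tier key cannot decrypt."); }

        Console.WriteLine("Back end recovers card: {0}", DecryptOnBackEnd(fullKey, stored) == cardNumber);
    }
}
```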