hash - Is there a secure way to guarantee credit card uniqueness? -

-

so, reasonably competent web development shop, wear cotton gloves when touch credit cards, , use braintree securevault store them clear of pci compliance issues.

however want offer free trial our service, pretty relies on being able guarantee given credit card used once free trial. ideally able hash credit card number guarantee uniqueness. problem there set of valid credit card numbers small, it's going easy brute force credit card numbers. salting tactics useless far can see, because if has access database of hashes, have code well, , salting algorithm.

the best 2 ideas far are:

a) keeping hashes isolated in set, no relation billing information. therefore if hashes brute-forced, have list of credit card numbers used @ point in time, no personal information or knowledge of whether it's still valid. main weakness here have record of last-4 potentially used match them extent.

b) hash without full number , deal false positives , negatives. hashing on name, last-4 , expiration ought unique. false positive winning lottery, can deal @ customer support. false negative induced modifying name, not clear on assurances have precision of name matching (potentially affected both gateway , merchant account understanding), open loophole.

thoughts? suggestions? battle-tested wisdom?

high-level: use existing payment systems
think approach -- using credit card numbers determine if user has taken advantage of free trial , should ineligible subsequent free trial -- misguided. firstly, drive away potential customers requiring credit card upfront (which many users don't give out unless ready buy), instead of requiring after trial period has ended.

secondly, reinventing wheel. there plethora of "app stores" (the chrome webstore, android marketplace, itunes app store, etc.) provide builtin mechanisms payment , trial periods. using these systems give product increased visiblity consumers, offer potential customers multiple different payment methods (making them more inclined buy), , save hassle of implementing mechanism yourself. plus, users prefer give out credit card least number of companies possible; not have implement complex mechanism yourself, have users trust enough use it.

lower-level: implementation details
hash mechanism can have collisions, hence still need deal problem. should use full disk encryption , other best security practices servers. risk of having both database , salting algorithm compromised @ same time can reduced hosting backend database service on separate machine 1 hosts code. main vulnerability of hashing brute force attacks. , best way deal them make brute forcing expensive enough isn't worth attacker's while. using separate salt each entry (e.g. customer's name, customer's zip code, etc. part of salt) make using rainbow tables ineffective. of course making data, itself, less valuable attackers (e.g. not including full credit card number) way discourage these kinds of attacks. in case, again advise take advantage of many app stores instead of implementing yourself.


Comments

Post a Comment

Popular posts from this blog

python - Scipy curvefit RuntimeError:Optimal parameters not found: Number of calls to function has reached maxfev = 1000 -

-
Image
i want make logharitmic fit. keep getting runtime error: optimal parameters not found: number of calls function has reached maxfev = 1000 i use following script. can tell me go wrong? use spyder still beginner. import math import matplotlib mpl scipy.optimize import curve_fit import numpy np #data f1=[735.0,696.0,690.0,683.0,680.0,678.0,679.0,675.0,671.0,669.0,668.0,664.0,664.0] t1=[1,90000.0,178200.0,421200.0,505800.0,592200.0,768600.0,1036800.0,1371600.0,1630800.0,1715400.0,2345400.0,2409012.0] f1n=np.array(f1) t1n=np.array(t1) plt.plot(t1,f1,'ro',label="original data") # curvefit def func(t,a,b): return a+b*np.log(t) t=np.linspace(0,3600*24*28,13) popt, pcov = curve_fit(func, t, f1n, maxfev=1000) plt.plot(t, func(t, *popt), label="fitted curve") plt.legend(loc='upper left') plt.show() your original data t1 , f1 . therefore curve_fit should given t1 second argument, not t . popt, pcov = curve_fit(func,
Read more

c# - How to add a new treeview at the selected node? -

-
i have treeview 4 levels; parent, child, grandchild, great-grandchild. selectednode @ grandchild level. what i'm trying create new "treeview" @ grandchild - no, dont wnat create new node "selectednode" (grandchild). should somelike this: parent child grandchild (new treeview) parent grandchild great-grandchild child great-grandchild child grandchild grandchild it similar parent table mother , father went off , had new childern different spouse other spouse of there existing children. private sub populaterootlevel() ' query find first round of parent populatenodes(dt, jcatreeview.nodes) end sub private sub populatenodes(byval dt datatable, byval nodes treenodecollection) each dr datarow in dt.rows dim tn new treenode() tn.text = dr("title").tostring()
Read more

java - netbeans "Please wait - classpath scanning in progress..." -

-
when try compile netbeans projects message/error : "please wait - classpath scanning in progress..." and nothing happens , have have wait enternity conmpile "hello world"... now first thing have moved new office building, laptop same. it's secure enviroment lot of "security", can't connect anywhere almost. have changed user dir in netbeans.conf save data in c:\program files\user any ideas how fix this? alrady tried reinstalling netbeans, changing save location between standart , newone... just ideas find problem look @ cpu - netbeans busy (100% on 1 core) or blocking (95% idle)? standard, ant or maven build? libraries , use absolute or relative paths? start simple "hello world" project (no dependencies), add 1 lib (log4j or similiar), located in project folder , - if works - move lib other locations (choose locations similiar libs on real classpath) there chance, don't have access rights folders/shares conta
Read more