1 of 1 people found this helpful
I've used the MBS plugin to use real Public and Private keys to encrypt data. The public key can be in a file on the computer doing the encryption and the decryption computer can have the private key. Or vise-verse.
I did have a look at both MBS and 360 Works before posting the above question.
They both do an ok job of this en theory, but as the details I was looking to encrypt were credit card details I felt uneasy about the possible access to both keys in the user scenario. The final solution was to have the payment gateway provider store the card details on their system, giving us a partial reference key that has to match up with another not stored in our system for both refunds and future transactions. This way we never, ever see the card details and have can under no circumstances be compromised as only partial key for a transaction request is stored on our system.
Thanks for the reply though.
That has always been my method (do not store the card). There are authorization and transaction codes returned and those can be stored.
Sent from miPhone