| 摘要 |
A method by which merchants who store sensitive credit card information can secure the information from theft, while minimizing the impact on the customer, as well as minimizing the cost of implementation. The merchant uses a special secured record for the storage of the credit card information for a specific customer. The record consists of two parts. The first part of the record contains public information which is visible to anyone with access to the record. The public information includes the merchant identity, along with information that constrains the use of the record, such as limits on the type of purchase, amount of purchase, or frequency of purchase, as well as the expiration date of the record, approved shipping addresses, and other constraints that make the record effectively useless to anyone except the merchant who created and stored the record, as well as limiting possible abuse by said merchant. The second part of the record contains private information which is encrypted so as to be visible only to parties authorized to view the information. The private part of the record will contain the sensitive credit card information, along with a checksum of the contents of the record. When the record is submitted to the clearing entity, the private part of the record is decrypted using the appropriate key. The checksum is used to verify that the record has not been modified, and that the public and private sections correspond to each other. Once the record is validated, constraints are applied, and if met, the credit card information is used to process the transaction. |
