• Status: Solved
  • Priority: Medium
  • Security: Public

Obscure credit card number in update form

I need a better method to allow a user to update his CC number in an update form. I can replace all but the last 4 digits with x's for display purposes, but I'm looking for a solid method of updating the number properly.
2 Solutions
You're not really explaining your problem here, but I assume you don't want the number to get sniffed by anyone else?

Then you really should use SSL encryption, I believe. By purchasing a certificate from, for example, VeriSign or Thawte, all traffic will be encrypted between the web browser and web server.

I can recommend Thawte since they have reasonable prices and still a very good service:

webdorkAuthor Commented:
Thanks for responding.

I've got a certificate, and am displaying the info under SSL. When a client goes to the update page I don't want to display the entire CC# in the CCNum field. I'll transform the actual CC num from the recordset and just display xxxxxxxxxxxx1234. If they choose to update their CCNum, fine, I'll capture the new number into the DB. But when they update some other part of their record I don't want the obscured string punched into the recordset.
The simplest way would be to check the entries before updating the recordset. If the CCnumber starts with XXXX, don't process the CCNum update. It would be great if you can give us more details on what platform you are using (.NET/php) and some detail on the way you have structured your page. That way we can provide more concise and to the point answers.

Make two separate text fields. One will contain the obscured number and will be disabled or readonly. The other one will be empty and will contain the new number.
webdorkAuthor Commented:
I'm using ASP and SQL Server
If the number is already stored in the database, it's just a matter of checking the field before the update.  Since you already know how to replace everything but the last four digits with an x, then I'll leave that alone.  Just check to see if an X exists in the posted value, and if it does, use the existing value from your database instead.  Something like:

' Posted value still contains the mask character: keep the stored number.
if instr(request.form("ccfield"), "x") <> 0 then
    ccvalue = rs.fields.item("existingccvalue").value
else
    ccvalue = request.form("ccfield")
end if

Then pass ccvalue to your update.  This is essentially what nitinsy was suggesting.
webdorkAuthor Commented:
That works for me...
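
An added example, not part of the thread or any poster's code: the "keep the stored number if the field is still masked" check from the answers above, extended so that a new value is only accepted when it looks like a card number. The function names, the 13 to 19 digit length range and the Luhn checksum step are assumptions of this example; `ccfield` and `existingccvalue` are the names used in the thread.

```vbscript
' Added example: names ResolveCardNumber and LuhnValid are hypothetical.

' Returns True when a digits-only string passes the Luhn checksum.
Function LuhnValid(digits)
    Dim i, d, total, dbl
    total = 0
    dbl = False
    For i = Len(digits) To 1 Step -1
        d = CInt(Mid(digits, i, 1))
        If dbl Then
            d = d * 2
            If d > 9 Then d = d - 9
        End If
        total = total + d
        dbl = Not dbl
    Next
    LuhnValid = (total Mod 10 = 0)
End Function

' Decides what to write back to the card column.
' posted:   raw value from the form
' existing: number already stored in the recordset
' ok:       set to False when the input is neither the mask nor a plausible number
Function ResolveCardNumber(posted, existing, ok)
    Dim cleaned, re
    ok = True
    cleaned = Replace(Replace(Trim(posted & ""), " ", ""), "-", "")
    ' Empty, or still masked (x or X anywhere): keep the stored value untouched.
    If cleaned = "" Or InStr(1, cleaned, "x", vbTextCompare) > 0 Then
        ResolveCardNumber = existing
        Exit Function
    End If
    Set re = New RegExp
    re.Pattern = "^\d{13,19}$"
    ' Nested Ifs: VBScript's And does not short-circuit, and LuhnValid needs digits only.
    If re.Test(cleaned) Then
        If LuhnValid(cleaned) Then
            ResolveCardNumber = cleaned
            Exit Function
        End If
    End If
    ' Anything else is rejected; the stored value is returned so nothing is overwritten.
    ok = False
    ResolveCardNumber = existing
End Function

' Usage in the update handler:
'   ccvalue = ResolveCardNumber(Request.Form("ccfield"), rs.Fields.Item("existingccvalue").Value, ok)
'   If Not ok Then show a validation message instead of running the update.
```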
