Obscure credit card number in update form

I need a better method to allow a user to update his CC number in an update form. I can replace all but the last 4 digits with x's for display purposes, but I'm looking for a solid method of updating the number properly.
Who is Participating?
If the number is already stored in the database, it's just a matter of checking the field before the update.  Since you already know how to replace everything but the last four digits with an x, then I'll leave that alone.  Just check to see if an X exists in the posted value, and if it does, use the existing value from your database instead.  Something like:

if instr(request.form("ccfield"), "x") <> 0 then ccvalue = rs.fields.item("existingccvalue").value
ccvalue = request.form("ccfield")
end if

Then pass ccvalue to your update.  This is essentially what nitinsy was suggesting.
You're not really explaining your problem here but I assume you dont want the number to get sniffed by anyone else?

Then you really should use SSL encryption I believe. By purchasing a certificate from example verisign or thawte all traffic will be encrypted between the web browser and web server.

I can recommend Thawte since they have reasonable prices and still a very good service:

webdorkAuthor Commented:
Thanks for responding.

I've got a certificate, and am displaying the info under SSL. When a client goes to the update page I don't want to display the entire CC# in the CCNum field. I'll transform the actual CC num from the recordset and just display xxxxxxxxxxxx1234. If they choose to update their CCNum, fine I'll capture the new number into the DB. But when they update their some other part of their record I dont want the obscured string punched into the recordset.
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

The simplest way would be to check the entries before updating the recordset. If the CCnumber starts with XXXX, don't process the CCNum update. It would be great if you can give us more details on what platform you are using (.NET/php) and some detail on the way you have structured your page. That way we can provide more concise and to the point answers.
Make two separate text fields. One will contain the obscured number and will be disabled or readonly. The other one will be empty and will contain the new number.
webdorkAuthor Commented:
Im using asp and SLQ server
webdorkAuthor Commented:
That works for me...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.