Quote:
Originally Posted by GFED
why is credit card information in plain text?
|
It needs to be in plain text in order to push through a transaction.
The question should be, why is this information available for read access on a public web server. Why isn't it on a separate backend server, which only accepts simple commands such as "charge $29.95 to credit card record #1234" and doesn't ever reveal the underlying data to the API caller?