Leaderboard

PHPFreaks DID have a data breach! (https://www.cyberinsurance.com/breaches/phpfreaks/) I had an afterthought.... if I absolutely HAD to store some encrypted customer data, I would lean towards storing their phone number over storing their credit card details. And it would be easy to assign a random "code" via a text message. Nowadays a lot of sites that "want to prove it's really you" will send you a text message with a 6 digit code. You could probably still do a good job at enforcing your 2 people per credit card limit this way (most people have only one or two phone numbers), without having to store (or even see) their card info. Their phone number should still be encrypted properly though, but it looks less catastrophic if phone numbers got revealed rather than credit card numbers :-)