Checkout flow with regards to encryption/decryption

In the past I connected the user to an SSL-secured portion of my site,
asked for or updated their details. I used their credit card’s security
code plus the customer’s ID in the database as the pass phrase to
encrypt their credit cards (I used Rijndael for encryption).

I didn’t like doing it but I stored the customer’s security code in
session for at least one action before decrypting the card and sending
it to Authorize.net.

I’m curious to hear how others have handled the flow of checkout on
e-commerce websites.
