Page 1 of 3 123 LastLast
Results 1 to 15 of 35
  1. #1
    Join Date
    Aug 2007
    Posts
    102

    Unanswered: mask a credit card number in table

    Does anyone (I still speak newbie), know how to do this?

    I'm trying to figure out how to store only the last 4 digits of a credit card number in a 'Payments' table. paymentid is the primary key, not credit card number. I tried using the 'password' in the first field of the input mask, with;;
    Then I can't see anything...

    does anyone have a sample solution to this. I don't want to 'see' the entire number, only the last 4 when viewing the datasheet or pulling up the old payment record.

    thanks in advance....
    imrosie

  2. #2
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    dim ccnum as string
    'blah
    'blah
    'get the complete credit card into ccnum
    ccnum = right$(trim$(ccnum),4)
    'save the revised ccnum

    izy
    currently using SS 2008R2

  3. #3
    Join Date
    Aug 2007
    Posts
    102
    Hi izyrider,

    That seems sweet....dim ccnum as string...with the trim function, I hadn't thought of that one (newbie)... I know this may seem like a strange question,,,,but exactly where do I put this ? In the form on the credit card number control on dirty?...this will store only the 4 digits?

    I didn't phrase the question right. I actually need to store the whole 16 digits, but mask out all but the last 4. When old payments are displayed on the customer form, only the last 4 digits will show up in the control.

    Sorry if I totally confused the request.
    imrosie

  4. #4
    Join Date
    May 2005
    Location
    Nevada, USA
    Posts
    2,888
    Provided Answers: 6
    Just use the same Right function in control source of a textbox:

    =Right(CCNum, 4)
    Paul

  5. #5
    Join Date
    Dec 2004
    Location
    Madison, WI
    Posts
    3,926
    I've seen it where there are 4 unbound text boxes for entering the CC number, the first 3 are password inputmasks and the 4th one has a 0000 input mask (so the number shows). The actual hidden field is updated and put together from all 4 unbound boxes when each unbound box is updated. The only problem is I don't know if it's possible to limit the password input mask to just 4 numbers for each unbound box. You may need to test for the length in the OnChange/KeyDown event to determine when to go to the next box.

    I think I came across an input mask once where it somehow showed XXXX-XXXX-XXXX-3432 when a person was typing in that field (even though it was storing the number the X was representing) which is what I'm guessing you're after.
    Last edited by pkstormy; 08-13-07 at 02:23.
    Expert Database Programming
    MSAccess since 1.0, SQL Server since 6.5, Visual Basic (5.0, 6.0)

  6. #6
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Why exactly d you need to store the entire CC number, as opposed to just keeping the last 4? I think that you and I spoke before mentionning that Access is not a secure method to store this information. If you reduce the amount of sensitive information then it is less of a critical system.

    But hey-ho, if you're determined to do this then the password input mask may be your only choice. This may be one special case of breaking 1NF - have 2 fields. CcardNumber and CcardEnd (that's a rubbish name for a field ). Use Paul (pbaldy)'s suggestion to produce the desired result for the last 4.

    One thing you must realise is that the input mask can be removed in design mode and *pow* you can see all the information there!

    I just talked myself into saying: Don't save the CCNumber in full, but if you have to - encrypt it leave it encrypted forever *evil laugh*. If you ever have to check the CCNumber then you simlpy encrypt the attempt and compare that value with the one stored, never having to decrpyt the original CCnum (special mention to Poots' for the encryption theory here).
    George
    Home | Blog

  7. #7
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    George's last hits the nail on the head.

    is there a need to RETRIEVE the full ccnum from the db or not ???

    if YES
    access would not be my choice of data store for security reasons.

    if NO
    and you simply need to CONFIRM a newly entered ccnum is the same as a previously entered ccnum, then store Hash(ccnum) -AND- the last 4 digits of ccnum in plaintext with a right$(trim$()) approach. no need to store the full ccnum in plaintext, but the last-4 gives you a means to communicate meaningfully with the cardholder.

    secure hashing is really easy: post if you need a couple of lines of code.

    izy
    currently using SS 2008R2

  8. #8
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Quote Originally Posted by izyrider
    secure hashing is really easy: post if you need a couple of lines of code.
    *posts*
    George
    Home | Blog

  9. #9
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    hi George,

    here's an antique demo: uses early-bind which i don't do anymore
    there's a late-bind example in the 'bank (my 'Class-Providing Library' post)

    !!!! 4 lines of code (if you ignore the error handling).
    being early-bind you need to set a reference to CAPICOM.

    demo attached - was aimed at some other post concerned with passwords, so forgive the monologue

    Code:
    Public Function izyHash(plainText As String) As String
        'caller is responsable for ensuring that plainText is a valid, non-empty string
        Dim obHash As New CAPICOM.HashedData
        On Error GoTo err_izyHash
        obHash.Algorithm = CAPICOM_HASH_ALGORITHM_SHA1
        obHash.Hash ByVal plainText
        izyHash = obHash.Value
    exit_izyHash:                                   'housekeeping
        plainText = ""                                  'clear the inbound
        Set obHash = Nothing                            'clear the object
        Exit Function
    err_izyHash:                                    'generic errors handling
            MsgBox Err.Number & ": " & Err.Description, vbInformation, "Error in izyHash"
            izyHash = ""
            Resume exit_izyHash
    End Function
    izy
    Attached Files Attached Files
    currently using SS 2008R2

  10. #10
    Join Date
    Aug 2007
    Posts
    102
    Hi Georgev, Izyrider and PKstormy,,,,
    You guys are way over my head withall this hashing and early bind stuff....
    Any way... the Order dept. here runs all their credit cards through the machine for processing. However, a request was made for the ability to have the last 4 digits of the card number show on the invoice.......other than that, there is no need for the full ccnum to be stored.

    I'm too new to figure how to store the 4 digits in order to save it with the order;that way when the invoice is printed out the last 4 digits will show up n

    Does that help to clarify? Yes, Georgev, I'm aware that Access isn't that secure. thanks for your insight and help.
    imrosie

  11. #11
    Join Date
    May 2005
    Location
    Nevada, USA
    Posts
    2,888
    Provided Answers: 6
    No offense, but can we clarify the goal, because you said

    I'm trying to figure out how to store only the last 4 digits

    then

    I actually need to store the whole 16 digits

    and now

    there is no need for the full ccnum to be stored
    Paul

  12. #12
    Join Date
    Aug 2007
    Posts
    102

    Clarification

    Paul,,

    I'm sorry, actually I wasn't real clear as you've shown, in the beginning. I didn't have a long talk with my Order dept.(yes I know I should have done this sooner, sorry) until this morning. In they're old system, they did store the entire 16 digits.....not smart, but they did, for purposes of the invoice.

    I was at first attempting to store the entire 16 and mask out all except the last 4 digits. Now I believe "there is no need for the full ccnum to be stored", because the Order dept wants ONLY the last 4 digits to show up on the invoice...That's it. If there is a way to capture the last 4 without storing the whole 16 for printing on the invoice(end goal), then that is exactly what I need to accomplish.

    However, being a newbie, I can't figure exactly how to do this....So if I can achieve the end goal without storing, please direct me there. If I must store all to accomplish, I need to mask in the table so only the 4 show up....then direct me there.

    Does this make sense now?
    Again, I apologize for the inconsistent request.

    Paul, by the way I tried your suggestion in the control for the credit card number control source;
    Code:
    =Right(CCNum, 4)
    it doesn't work in my form

    imrosie
    Last edited by imrosie; 08-13-07 at 17:07.

  13. #13
    Join Date
    May 2005
    Location
    Nevada, USA
    Posts
    2,888
    Provided Answers: 6
    No problem; it's not like I've never been unclear.

    I'm not clear on whether you're storing the data as it first comes in, or at some later step. Obviously when an order first comes in, you'll need all digits to be able to process the card. After that, you probably don't need them (and the security concerns voiced by others are certainly valid).

    So I guess we need to know how you are getting the data in the first place. For instance, if you're appending data into your system from the order department's, then simply use Right(CCNum, 4) when appending that field. That function will probably play into any solution, but how do you get the data, and has it already been processed with the credit card gateway?
    Paul

  14. #14
    Join Date
    Aug 2007
    Posts
    102
    OK Paul,

    Here's the deal. Our Order dept. takes phone orders, check or credit card. Everything (all necessary order info) takes place on the 'Orders' screen(form), including the payment info. The 16 digits are needed mainly to process (by the credit card machine) the payment. The main payment info captured on the Order form is:

    1.) Which method of payment (filter option: check or credit card), this was also done on the old order system.
    2.) Currently (this is new and not used yet) I've set up a second control to open a popup form ('paychk' form', 'paycredcrd' form). Both are tied to the Order number with a 'PaymentID', and only one is utilized per order. The paydate, payamt, ccholders name, cardexpire date are on the paycredcrd form.
    I will change this because the Order Dept. says they want only to have the last four of the person's card number show up on the invoice. The paycredcrd form only needs PaymentID, OrderID and to hold (store?? not sure) something like this for the invoice:

    Code:
    '****-****-****-1234
    I'm guessing that would also have to be stored in the database in order to print out on the invoice.
    The controls on the invoices are bound, except for the balance, line total, extended prices....I would need to add a field for the ccnm.

    I hope I have made it more clear. thanks again...

  15. #15
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Have an unbound textbox in which your people can enter the full ccnumber. then when it comes to saving the record, trim the last 4 digits off the CC# and save it against the record.

    Does that make sense?
    George
    Home | Blog

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •