Security Features in the International Retail Site

The International Retail Site is not intended for users on a kiosk or shared computer. This is because:

  • User information persists only for the duration of the session; however, browser caches are not automatically cleared at the end of the session. When a user walks away from a kiosk, the user information would remain and potentially be available to other users.
  • Address information will persist until the user either logs out or closes all browser windows.

Note

  • Credit card information will not persist or be cached in the browser.

The International Retail Site uses .NET Framework encryption services to secure the most sensitive user data. Search the MSDN Library at https://go.microsoft.com/fwlink/?LinkId=6680 for more information about the System.Security.Cryptography namespace.

The user password is hashed with the one-way MD5 algorithm before it is stored in the password property of the profile. For login password matching, the input password is hashed the same way. If the resulting hash matches the value stored in the password property, the login is valid. The .NET MD5CryptoServiceProvider class is used to accomplish this hashing. See Security Features at: https://go.microsoft.com/fwlink/?LinkId=6688 for more information about the MD5CryptoServiceProvider class.

Credit card data is also encrypted. The site uses a basic level of encryption for storage of credit card numbers using the .NET DESCryptoServiceProvider class. Key strength will depend on the encryption strength of the operating system. Two keys are required for this encryption method:

  • A public encryption key is stored as a site resource in the Commerce Server Administration database.
  • A private encryption key is a system level property only available to the system applications that need the credit card numbers.

It is important to minimize the number of components that have access to this private key. The Order Processing pipeline is the only Commerce Server component that needs the credit card number exposed so that third party credit card verification services can work.

The only other class of applications that need the credit card number exposed are the back-end line of business systems that need the credit card number to process orders.

The site supports rolling the encryption key pairs. For more information, see Adding Values for Public Key, Private Key, and Key Index Tokens. The method supported is to toggle the encryption keys. This specifically drops old keys after a second key upgrade.

Note

  • This assumes that fulfilled orders that are archived past the return policy date do not need their credit card numbers decrypted anymore.

The site displays stored credit card numbers with a mask, so that only the last four numbers are displayed.

The following example demonstrates creating the masked string:

// Digits is a string containing the full credit card number (at least four digits).
// DigitDisplay is set to the display format: every digit is masked except the last four.
string DigitDisplay = string.Format("####-####-####-{0}", Digits.Substring(Digits.Length - 4));

See Also

Passport Integration Features

Authentication Infrastructure

Adding Values for Public Key, Private Key, and Key Index Tokens

Copyright © 2005 Microsoft Corporation.
All rights reserved.