
If the information used to retrieve a card from the PayPal Vault, i.e. the "credit_card_id", is stored in a database entry on our server, and a hacker is able to gain access to the server, does it really matter whether the card information is stored on our server or in the PayPal Vault? The information could be retrieved, or at the very least, used with malicious intent.

Hypothetical question, of course.


1 Answer

I believe the PayPal Vault just stores the card token. So if an attacker were to grab that token and some other sensitive information from your server, the worst he would be able to do is charge the person's account to your PayPal account, approve refunds, etc. The customer's actual details will stay private as they are not transported from the vault.

The way I see this working is in this wise:

Customer ---card number---> Your server ---card number---> PayPal Vault

Once in the vault PayPal generates an ID for the card and sends that back to you:

PayPal ---card id---> Your server ---card id---> Database

So later, when you want to use it again:

Database ---card id---> Your server ---card id---> PayPal Vault

PayPal then matches the ID to the card number stored in the vault and charges the card.

  • You're right. As you have mentioned, this still leaves the possibility of a hacker using those tokens to have a field day should they choose to do so, if not for their own monetary benefit, for "fun"... i.e. charging cards, voiding or refunding successful transactions... At the end of the day, correct me if I'm wrong here, but nothing is ever 100% secure and never perfect, though it can be very, very close. What I can take away from this is that the PayPal vault will limit our exposure in the case of a breach, but not eliminate the possibility of havoc being wrought one way or another. – FurryWombat Jun 15 '14 at 20:07
  • Yes "fun" is definitely a reason hackers hack. Just watching chaos ensue gives them some pleasure. There's no such thing as 100% security. So you're right, that could cause trouble if those tokens got out, but it would be a whole mess load more trouble if the card numbers did! I would employ security measures resembling the PCI DSS on them anyway, encrypt them before storing in the database, SSL, etc. – gillytech Jun 17 '14 at 00:55
  • Agreed! Now, maybe this is an uneducated question, but would it be pertinent to store a unique secret key for each encrypted token, unique to the entry rather than a global key which appears to be a more common technique? Or, if a hacker is truly able to gain access to the database, would this just slow them down by a small measure of effort? – FurryWombat Jun 17 '14 at 11:36
  • That's a good question. Storing the key with the token in the same database is not a good practice and will only slightly hinder an attacker. Though a global key poses the risk of universal access once found. This subject is well outside the scope of a comment and I recommend studying other resources (http://security.stackexchange.com/questions/17421/how-to-store-salt) and coming to a conclusion on your own. By the way, if my answer is correct, why not upvote it :) – gillytech Jun 17 '14 at 19:33
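The token flow described in the answer above, as an added Python simulation that is not part of the original post or PayPal's code (the Vault, MerchantServer and API-secret check are hypothetical stand-ins): the merchant database ends up holding only the opaque card id, so a dump of it contains no card number, and using the id still requires the merchant's API credential, which is the "other sensitive information" an attacker would also need.

```python
import secrets

# Constructed simulation: a stand-in for the PayPal Vault and a merchant server.

class Vault:
    """Keeps card numbers (PANs) and hands out opaque ids in their place."""
    def __init__(self):
        self._cards = {}          # card_id -> (merchant, PAN); never leaves the vault
        self._merchant_keys = {}  # merchant -> API secret

    def register_merchant(self, merchant):
        self._merchant_keys[merchant] = secrets.token_hex(16)
        return self._merchant_keys[merchant]

    def store_card(self, merchant, api_secret, pan):
        self._check(merchant, api_secret)
        card_id = "CARD-" + secrets.token_hex(8)  # random, not derived from the PAN
        self._cards[card_id] = (merchant, pan)
        return card_id

    def charge(self, merchant, api_secret, card_id, amount):
        self._check(merchant, api_secret)
        owner, pan = self._cards[card_id]
        if owner != merchant:
            raise PermissionError("card id belongs to another merchant")
        return {"charged": amount, "last4": pan[-4:]}  # only a masked hint comes back

    def _check(self, merchant, api_secret):
        expected = self._merchant_keys.get(merchant, "")
        if not secrets.compare_digest(expected, api_secret):
            raise PermissionError("bad API credentials")


class MerchantServer:
    """Your server: stores card ids in its database, keeps the API secret in config."""
    def __init__(self, vault, name):
        self.vault, self.name = vault, name
        self.api_secret = vault.register_merchant(name)  # config, not the database
        self.db = {}  # customer -> card_id; this is what a database breach exposes

    def save_customer_card(self, customer, pan):
        self.db[customer] = self.vault.store_card(self.name, self.api_secret, pan)

    def charge_customer(self, customer, amount):
        return self.vault.charge(self.name, self.api_secret, self.db[customer], amount)


def db_dump_contains_pan(server, pan):
    """True if the raw database contents reveal the card number."""
    return any(pan in value for value in server.db.values())
```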