While testing the payment gateway for some eCommerce site, is there any way to check if the cookies are saving the user's credit card details? If so, can we verify if they are in encrypted form?
A:
Beyond just looking at the content of the cookies? (You can also check the scope and expiry of cookies and whether the gateway works if the cookies are not accepted)
However, if you don't find the CC details they could be encrypted or disguised but that won't tell you how well encrypted they are.
Obtaining a statement from the gateway provider may be the only way forward if the CC details are not obvious in the cookies.
mas
2009-07-13 05:51:05