Unencrypted Credit Cards in Prelude

[precisonline]

In recent days we've learned that many Prelude sites are storing credit card numbers without encryption.  Activant has sent out an email blast about the issue, offering a replacement for Protobase if only the customer upgrades to v21.

Looking into the Prelude encryption/decryption routines, it appears they are largely hamstrung by the fact that Unidata's encryption/decryption isn't functional on pre-7.1 releases.  We have found a way, however, to leverage SB+'s encryption instead, but ... is that enough?

I'd like to get a dialogue going because - it would seem - we are all in this together.  Do you have any thoughts to share on this credit card issue?  Personally, I'm a little freaked out because it seems that something needs to be done - and reasonably soon - to mitigate what could otherwise be some pretty awful exposure.  And I'm not convinced that a major upgrade with its commensurate pain and adjustments offers the best option.

[CKilgore]

Personally, I would prefer an option in which the credit cards numbers are never in Prelude to begin with.

We have also upgraded to Unidata 7.1 without any problems even though Prelude said they wouldn't support that move.

-Chris

[precisonline]

I agree, as long as not having the credit card numbers in Prelude has no operational impact.  And it appears that this is what Activant is proposing with this new whiz-band credit card thing to replace Protobase.  But is the hassle of upgrading to v21 - especially for those that are still back on 18 and 19 - worthy of the credit card change?