Best way to store sensitive data

Question

What is the best way to store sensitive data (eg: credit cards)? I need to be able to get the original text, so I can't hash it. I have a few ideas.

1. Use MySQL with AES_ENCRYPT() and AES_DECRYPT()

2. Store it encrypted in a file using fwrite()

Now I know that MySQL's encrypt and decrypt functions aren't secure, is there any encryption that I can use in PHP that is easy, fast and secure?

Answer 1

Don't store credit card numbers on your server! Having this information in your database makes you an extremely attractive target for hackers. And if you think you can protect it, think again. Hackers have defeated the security of companies with excellent security. Your security won't be any better.

Your best bet is to use a service like Authorize.Net's Customer Information Manager (CIM) which allows you to create payment profiles on their server (i.e. they store the information) and then you charge against it. That way you can charge your customer whenever you need to but don't have to store their credit card information.

If you insist on doing it yourself you have to follow the PCI rules outlined in this guide. But you may find this guide easier to understand. Go to page 14 for what you need to know. Basically you can store it but it has to be encrypted according to PCI standards.

FYI, Your server and network also must be secure. If any piece of the puzzle is not PCI compliant you cannot store the credit card numbers. That rules out most shared hosting companies as a solution.

Answer 2

Generally the only reason you would store card numbers is for subscriptions/recurring payments. You will find that good payment service providers provide a token to store rather than the card details and then you just push that to them again.

Look at the PHP mcrypt library though if you do need to encrypt/decrypt card numbers and remember, never EVER store the 3 digit security code anywhere. Ever.