Gathering credit card information, security?

Question

We have created a portal for users to pay online via our website.

We have created an option for user to check a "checkbox" to save their details to their account so they can pay easily next time.

What is the best way to save credit card details to a mySQL database? I want it to be secure, I don't want to purely save their details to a field as "XXXXXXXXXXXXXXXX".

What is the most secure way to save credit card details? We will have SSL on our server when the site goes live.

Regards

Answer 1

encryption(two way)

If you must really store this information than I think you should have some sort of encryption(mcrypt) in place. but to be honest i am not a security expert and what I am praising could be insecure as well!?!

NO

IF YOU COULD AVOID STORING SUCH INFORMATION ON YOUR SERVER YOU SHOULD. PERIOD! Like somebody else mentioned, even Jeff Atwood(Stackoverflow author) advices you not to store such information. You could be compromised and then that information is freely available on the internet. How are you doing payments anyway? Aren't you using something like paypal or something so the users does not even has to enter this information anyway?

Answer 2

Review the pci requirements as linked to by Mark B.

In one of my recent contracts I worked with a government department, although I didn't have anything to do with the pci compliance I do know it cost in excess of $1M. You certainly won't need to spend that much. but take it as a warning.

If you are operating on a shared platform I can only re-iterate what others have said and say don't store it for re-use. In fact on a shared platform it may not be wise to collect payments at all, regardless of the storing of card details.

At the very least you need a VM, if not a dedicated box behind a firewall, the database should be on a separate server which is firewalled and only used for the database.

Never forget your hosting provider can get access to the box, one bad staff member and you are in trouble. or at least your cardholders are and if they can trace it back to you and you should always admit to a breach then you are in trouble.

If you must. Then store everything else but get the user to enter the credit card each time. don't forget that expiry dates change. so you will need to let the user update that anyway so why not get the whole number again.

Your customers would probably look on you more kindly if you stipulated "Card Details Not Stored"

DC

Answer 3

You should never store CC details, except the grossly masked 'XXXX XXXX XXXX 1234' type format, and you are not EVER permitted to store the CVV numbers.

What you can store is the transaction ID turned from your payment processor, from which you can look up their stored copy of the CC number. That relieves you of the problem of securing your system enough that you could store a CC number (which is a huge undertaking) and puts the onus of the security overhead on the processor's head.

SSL is irrelevant for securing your database, an SSL connection exists only while an HTTP transaction is open, and then is gone. You need to have 100% security on your server AND your database at all times.

I'd suggest getting a copy of the PCI standards, which go into extreme detail as to what the requirements are for various levels of credit card handling/processing.