Reputation: 493
The company I work for has recently started advertising products in a newspaper. The newspaper advertises it with a link to their own website, where the customer enters their details (billing/shipping address, product, card details).
The newspaper's website doesn't charge the card; instead, all of the order information is stored in an encrypted XML file which is then sent to us. We then have to manually enter the details into our card machine.
I have written a quick script which converts these XML files into a CSV file which can then be imported into a MySQL database, so that we can keep track of all orders easily.
What I want to know is how we can securely store the card number, security code, etc., so that if anyone ever gained access to the database they wouldn't be able to steal the details, but we can still view them to enter into our card machine. Is this possible?
Upvotes: 0
Views: 2069
Reputation: 112857
Basically you should not save the CC numbers. If you do save the data it will have to be encrypted and meet PCI standards; look at the Point-to-Point and DSS documents. Better yet, hire a PCI auditor to help you.
You need to talk to the service you are using; you may be subject to PCI audits.
See PCI.
Upvotes: 1
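One way to apply the "do not save the CC numbers" advice to the XML-to-CSV step described in the question, as an added example that is not code from the original thread: the converter copies order fields into the CSV for the MySQL import but keeps only the last four digits of the card number and never copies the expiry or security code. The XML element names, the column names and the sample order are assumptions constructed for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of an already-decrypted order file; element names are assumptions.
SAMPLE_XML = """<orders>
  <order id="1001">
    <name>Jane Example</name>
    <product>Widget</product>
    <shipping>1 Test Street</shipping>
    <card>
      <number>4111 1111 1111 1111</number>
      <expiry>12/30</expiry>
      <cvv>123</cvv>
    </card>
  </order>
</orders>"""

# Only these columns ever reach the CSV and therefore the database.
COLUMNS = ["order_id", "name", "product", "shipping", "card_last4"]


def last4(pan: str) -> str:
    """Return the last four digits of a card number, ignoring spaces and dashes."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return digits[-4:] if len(digits) >= 12 else ""


def order_rows(xml_text: str):
    """Yield one dict per order; full number, expiry and CVV are never copied."""
    for order in ET.fromstring(xml_text).iter("order"):
        yield {
            "order_id": order.get("id", ""),
            "name": order.findtext("name", ""),
            "product": order.findtext("product", ""),
            "shipping": order.findtext("shipping", ""),
            "card_last4": last4(order.findtext("card/number", "")),
        }


def to_csv(xml_text: str) -> str:
    """Build the CSV text that would be imported into the orders table."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS)
    writer.writeheader()
    writer.writerows(order_rows(xml_text))
    return out.getvalue()
```
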