I work for a credit card processing company. As part of our processing transactions for merchants, we receive a record of each transaction, including card number information. In order to comply with Visa/MC rules, this information must not be stored in the clear, but must be encrypted, to prevent unauthorized access. However, we still need to have access to it for use in loss prevention and other functions.
I've looked at a couple of encryption packages (SecureData from Protegrity; NetLib's Encryptionizer; DbEncrypt from ASI), and would like to hear from anyone who has had to deal with a similar situation. What product did you go with, are you happy with it, and what issues did you have with implementation?
I will note that the cardholder data is part of the primary key in several tables, and that the data is processed using several internal stored procedures that are kicked off automatically and need to have access to the data as the system, not as a specific user. I'm using SQL2000 running on a Windows 2003 server.
Any help will be greatly appreciated...