Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Storing Credit Cards

Status
Not open for further replies.

Modica82

Technical User
Jan 31, 2003
410
GB
Hi all,

I was wondering if anyone has any suggestions on securing credit cards in a database. What info should i store and how should it be encrypted? I need a way to be able to get the credit card infomation out, so that it can be processed at a later date if needs be, it is complicated to describe, but the customers do consent to this.

Any ideas or links to good information?

Thanks,

Rob
 
1. Make sure the DB is locked down tight, and anyone with access to it is bonded. I mean anyone. Some DB have an encrypted data type. If your doesn't you can use any encription product you want, and use a transformation program like DataStage TX to put the data into the DB as a BLOB. To get info out, you get info to file, use Password to decrypt and process. This can be does with software like DS TX, but you need the environment to be secure too.



BocaBurger
<===========================||////////////////|0
The pen is mightier than the sword, but the sword hurts more!
 
1. Make sure the DB is locked down tight, and anyone with access to it is bonded. I mean anyone. Some DB have an encrypted data type. If your doesn't you can use any encription product you want, and use a transformation program like DataStage TX to put the data into the DB as a BLOB. To get info out, you get info to file, use Password to decrypt and process. This can be does with software like DS TX, but you need the environment to be secure too.

BocaBurger
<===========================||////////////////|0
The pen is mightier than the sword, but the sword hurts more!
 
Truly - you cannot store credit cards on the server - unless you are CISP compliant. Storing these numbers might cause you to lose your merchant account. And never store the CVV numbers. This will definitely cause you to lose your merchant account.

__________________________
Corey

 
yes there is a large legal responsibility that is very serious indeed, and configure SSL & encryption in db.

hosting company will generally provide ssl with secure e-commerce set up, this will save you a lot of time.
 
This is very hard to do legally...if you are in a big corporation...then you can probably get this done correctly. but otherwise, there is not really any reason to store people's credit card information. I would get a security expert and lawyer if you really want to do this.

David

David Kuhn
------------------
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top