将信用卡详细信息安全地存储在数据库中
[英]Storing Credit Card details securely in Database
问题描述
The company I work for has recently started advertising products in a newspaper. 
我工作的公司最近开始在报纸上刊登广告产品。 The newspaper advertises it with a link to their own website, where the customer enters their details (billing/shipping address, product, card details). 报纸通过其自己的网站的链接进行广告宣传,客户在此输入他们的详细信息(账单/送货地址,产品,卡的详细信息)。
The newspapers website doesn't charge the card, instead all of the order information is stored in an encrypted XML file which is then sent to us. 报纸网站不收费,而是将所有订单信息存储在加密的XML文件中,然后将其发送给我们。 We then have to manually enter the details into our card machine. 然后,我们必须将详细信息手动输入到我们的刷卡机中。
I have written a quick script which converts these XML files into a CSV file which can then be imported into a MySQL database, so that we can keep track of all orders easily. 我编写了一个快速脚本,该脚本将这些XML文件转换为CSV文件,然后可以将其导入MySQL数据库,以便我们可以轻松跟踪所有订单。
What I want to know is how can we securely store the card number, security code etc. So that if anyone ever gained access to the database they wouldn't be able to steal the details, but we can still view them to enter into our card machine. 我想知道的是我们如何安全地存储卡号,安全码等。这样,如果有人获得了对数据库的访问权限,他们将无法窃取详细信息,但是我们仍然可以查看它们并将其输入到我们的数据库中。刷卡机。 Is this possible? 这可能吗?
1 个解决方案
解决方案1
1 2017-11-22 16:25:24
Basically you should not save the CC numbers. 基本上,您不应该保存抄送号码。 If you do save the data it weill have to be encrypted and meet PCI standards, look at the Point-to-Point and DSS documents. 如果确实要保存数据,则必须对其进行加密并符合PCI标准,请查看点对点和DSS文档。 Better yet hire a PCI auditor to help you. 最好聘请PCI审核员来帮助您。
You need to talk to the service you are using, you may be subject to PCI audits. 您需要与正在使用的服务进行交谈,您可能需要接受PCI审核。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.