Storing Credit Card details securely in Database
Question
The company I work for has recently started advertising products in a newspaper. The newspaper advertises it with a link to their own website, where the customer enters their details (billing/shipping address, product, card details).
The newspapers website doesn't charge the card, instead all of the order information is stored in an encrypted XML file which is then sent to us. We then have to manually enter the details into our card machine.
I have written a quick script which converts these XML files into a CSV file which can then be imported into a MySQL database, so that we can keep track of all orders easily.
What I want to know is how can we securely store the card number, security code etc. So that if anyone ever gained access to the database they wouldn't be able to steal the details, but we can still view them to enter into our card machine. Is this possible?
1 answers
solution1
1 2017-11-22 16:25:24
Basically you should not save the CC numbers. If you do save the data it weill have to be encrypted and meet PCI standards, look at the Point-to-Point and DSS documents. Better yet hire a PCI auditor to help you.
You need to talk to the service you are using, you may be subject to PCI audits.
See PCI .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.