Dan Harrington wrote:
> One of these requirements is cardholder data encryption -- is anyone aware
> of a PHP/MySQL/Linux/Apache solution for end-to-end cardholder data
> encryption that satisfies the Visa / MasterCard requirements?

Apache supports SSL/TLS. Therefore the credit card data can be encrypted
in transit to you (you'll probably need to shell out for an SSL cert).

Your credit-card processing gateway will provide SSL/TLS encryption for
your connection to them (be it via SOAP, REST, whatever).

If you really have to store the data for any reason, PHP's mcrypt
extension allows you to encrypt it before storing it in the database.
But avoid storing it if you can.

There you have it, end-to-end data encryption. That's basically the way
I do it (I don't store card information so only the first two paragraphs
apply), and I satisfy Visa and Mastercard's requirements. :)
--
Jasper Bryant-Greene
General Manager
Album Limited
http://www.album.co.nz/ 0800 4 ALBUM
jasper@xxxxxxxxxxx 021 708 334
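
The "encrypt it before storing it in the database" step from the reply above, as an added example that is not part of the original message or the poster's code. It uses PHP's openssl extension with AES-256-GCM instead of mcrypt, because mcrypt was removed from PHP core in 7.2. The key handling, the row identifier bound as associated data, and the test card number are assumptions made for illustration.

```php
<?php
// Added example. Assumes PHP 7.1+ with ext/openssl.
// Stored value layout (an assumption of this example): base64(nonce | tag | ciphertext).

function encrypt_pan(string $pan, string $key, string $aad): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be 32 bytes');
    }
    $nonce = random_bytes(12);   // fresh nonce for every record, never reused with the same key
    $tag = '';
    $ct = openssl_encrypt($pan, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);   // fits a single text column
}

function decrypt_pan(string $blob, string $key, string $aad): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 29) {   // 12-byte nonce + 16-byte tag + at least 1 byte
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = substr($raw, 28);
    $pan = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    if ($pan === false) {
        // Wrong key, modified ciphertext, or ciphertext copied to a different row.
        throw new RuntimeException('authentication failed');
    }
    return $pan;
}

// Constructed sample data: a well-known test card number and a throwaway key.
$key = random_bytes(32);       // assumption: in production, load from a key store outside the database
$pan = '4111111111111111';
$aad = 'customer:1042';        // hypothetical row id, authenticated but not encrypted

$stored = encrypt_pan($pan, $key, $aad);
echo 'display value: ************', substr($pan, -4), "\n";
echo 'round trip ok: ', var_export(decrypt_pan($stored, $key, $aad) === $pan, true), "\n";

try {
    decrypt_pan($stored, $key, 'customer:9999');   // same ciphertext presented for another row
} catch (RuntimeException $e) {
    echo 'moved ciphertext rejected: ', $e->getMessage(), "\n";
}
```

Keeping the key on the application host or in a separate key store, rather than in the same database as the ciphertext, is what makes a database-only compromise insufficient to recover card numbers.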