On 30 May 2010 07:49, Paul M Foster <paulf@xxxxxxxxxxxxxxxxx> wrote:
> This question is for people who take and store credit card information
> for customers.
>
> Credit card companies, in an attempt to lessen fraud, are tightening the
> screws on merchants who take credit cards. One aspect of this is a
> requirement to store credit card information from customers encrypted.
>
> So let's say you have a customer whose credit card you keep on file,
> because they'll be charging other items with you. The credit card
> companies would like you to store this information with strong
> encryption, which in their mind is one-way encryption.
>
> Now let's say that the credit card number is part of the customer
> record. When looking at the customer record, you see just the last four
> digits of the card. But when editing the record or when printing out
> reports of things which must be charged, you will see the whole number.
> Assume the users of the system have logins and passwords.
>
> Now if you one-way encrypt the credit card numbers in the customer
> records, then it seems to me that any time that field has to be accessed
> (to edit the record or charge something to the card), you'd have to have
> the user enter a specific "password" to unlock the encryption. This
> would be quite in addition to their username and password. Moreover for
> this to be as secure as the credit card companies would like it,
> whatever "password" is used would need to be changed frequently,
> particularly at any change of personnel. This means you'd have to
> re-encrypt all the credit card numbers using the new "password" every
> few months or when you fire someone who had access to the data.
>
> This seems like an excessively cumbersome solution. Is this seriously
> the way it's done? Does anyone have a better solution?
>

I'm sorry if the following sounds a bit harsh, but in matters like these I prefer blunt directness. A few notes.

1) one-way encryption means "no decrypting" - that's what one-way is (like a one-way street, there's no driving the other direction). You're looking for encryption that can be decrypted, not one-way encryption which is otherwise known as hashing.

2) do not store credit card information. Just don't. It's downright stupid to do so, because it's a huge risk for very little gain.

3) farm out risks like these to companies that specialize in dealing with them - you will with 100% certainty not be able to do as good a job as these.

The question to ask is not: how to store credit card information securely? The question to ask is: do I really want to be the next person in the internet spotlight because my setup turned out to have a security hole I overlooked?

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>