How to store Credit Card data securely?


5

Currently I use third-party services to handle online transactions via credit card; they store the card data themselves and make the charge.

I want to store the customer's credit card data in my own database. Having this data with me makes it possible to migrate between services without losing the card data, but this does not seem safe, because if it were, we would not use encryption for passwords. How can I store credit card data securely?

2 answers

4

If you do not need this data routinely and will only have to access it in exceptional circumstances, you can safely store it using encryption. The ideal, of course, would be to avoid this problem, or to let some expert handle it (in particular, pay attention to any existing legislation that sets minimum safety criteria for this scenario, if applicable). But for reference, the procedure would be as follows:

  1. Generate, on a computer not connected to the internet, a public/private key pair. Keep that computer off the internet and malware-free (or at least remove the private key from it, and delete it from its source without leaving a trace);
  2. Export the public key to your web server;
  3. On your web service, when you receive a card and need to store it, encrypt it using the public key and store the result in the database (continue discarding the plaintext data as soon as you no longer need it);
  4. When/if eventually you need these card data to migrate a service or something like that:
    1. Export your database to a file, and insert this data into the computer that has the private key;
    2. There, decrypt the data and prepare the necessary script to use it;
    3. Move the script to a machine with internet access, run it and delete it immediately (again, using a secure removal method that leaves no trace).

Bonus: use a hardware module to generate this key pair, so that the private key never leaves this hardware (i.e. no remote attacker will ever have access to it, even if 100% of your system is compromised), and once the public key has been exported, unplug this module and do not use it again until you need it.

Source: this answer on security.SE. (Note: don't pay attention to my own answer there...)
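The procedure in the answer above, sketched with Node.js's built-in `crypto` module as an added example that is not part of the original answer. The function names, the RSA-OAEP/3072-bit choice, the passphrase on the private key and the sample card values are all assumptions made for illustration.

```javascript
// Added example; all names and sample values are assumptions, not from the answer.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Step 1 (offline machine): generate the pair. The private key is exported
// passphrase-protected and stays on that machine; only publicKey is copied out.
function generateOfflineKeyPair(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 3072,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Step 3 (web server): only the public key exists here. The security code is
// deliberately not part of the stored record.
function encryptCardForStorage(publicKeyPem, card) {
  if (!/^\d{12,19}$/.test(card.pan)) throw new Error('PAN must be 12-19 digits');
  if (!/^\d{2}\/\d{2}$/.test(card.exp)) throw new Error('expiry must be MM/YY');
  const plaintext = Buffer.from(JSON.stringify({ pan: card.pan, exp: card.exp }), 'utf8');
  const blob = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, plaintext);
  plaintext.fill(0); // discard this plaintext copy once it is encrypted
  return blob.toString('base64'); // value for the database column
}

// Step 4.2 (offline machine): decrypt one row of the exported database.
function decryptCardOffline(privateKeyPem, passphrase, storedBlob) {
  const plaintext = crypto.privateDecrypt(
    { key: privateKeyPem, passphrase, ...OAEP },
    Buffer.from(storedBlob, 'base64'));
  return JSON.parse(plaintext.toString('utf8'));
}

// What someone holding the web server and the database has: public key + blobs.
function canDecryptWithPublicKeyOnly(publicKeyPem, storedBlob) {
  try {
    crypto.privateDecrypt({ key: publicKeyPem, ...OAEP }, Buffer.from(storedBlob, 'base64'));
    return true;
  } catch {
    return false; // a public key cannot be used for decryption
  }
}
```

Because OAEP padding is randomized, encrypting the same card twice gives different blobs, so equal cards cannot be matched by comparing database values.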

0

According to an example from Microsoft itself (I don't know if this is the best example to cite, haha), they simply don't keep the password, but keep the other card data unencrypted, on the basis that they will have a secure enough database. You can also encrypt this data before inserting it into the database; this will serve as extra security.

If the data is encrypted, someone who has access to the database but cannot see the source code of your application will not be able to decrypt the data they have access to.

  • 2

    In the part "They simply don't keep the password", wouldn't that be the security code? The password is not even used on the internet.
