I would suggest you contact the banks/financial companies that your client
is working with.  Ask them what their encryption requirements are for SSNs.
If they don't have one, then you can use any system that you like. I prefer
ones that have variable seeds to them, but that is just me.
If they do have a specific requirement, post back here so we can help you
figure out a good method that adheres to their requirements.

William

-----Original Message-----
From: ColdFusion Developer [mailto:cfdev...@gmail.com] 
Sent: Monday, May 11, 2009 5:19 PM
To: cf-talk
Subject: Storing SSN ... I know, I know


What's a best practice for securely storing a social security number? I've
talked myself blue trying to talk my client out of doing this, but the bank
he's working with for this project absolutely, positively cannot process his
transactions without the SSNs of our users (most of the businesses they work
with are payroll companies with secure internal data storage, not a
public-facing site like his will be).

What would you all recommend as a process/method for storing this info in
the most secure way possible? Most of what I've read just says
"encrypt/decrypt it in the database and you're fine" -- but I'm not so sure
that's the best course.

Thanks in advance! 


