[flexcoders] Credit Card number encryption
Hello, I use Flex and Amfphp with php / mySql. In the database, I want to encrypt Credit card number with MD5. How to add this functionnality ? Thank you, Christophe,
Re: [flexcoders] Credit Card number encryption
As far as I am aware you aren't allowed to store credit card numbers yourself without a weekly security audit from the card issuer...
Re: [flexcoders] Credit Card number encryption
W.R. de Boer wrote: As far as I am aware you aren't allowed to store credit card numbers yourself without a weekly security audit from the card issuer... I don't think that is the case. You need to have a business use for storing credit card data and of course, it then needs to be encrypted and only certain parts of allowed to be stored. For instance, CVV2 or track discretionary data storage is a no, no. https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml -- Warm Regards, Lee
Re: [flexcoders] Credit Card number encryption
Lee Jenkins wrote: W.R. de Boer wrote: As far as I am aware you aren't allowed to store credit card numbers yourself without a weekly security audit from the card issuer... I don't think that is the case. You need to have a business use for storing credit card data and of course, it then needs to be encrypted and only certain parts of allowed to be stored. For instance, CVV2 or track discretionary data storage is a no, no. So how do companies like amazon keep card info for future use? https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml -- Warm Regards, Lee -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Alternative FAQ location: https://share.acrobat.com/adc/document.do?docid=942dbdc8-e469-446f-b4cf-1e62079f6847 Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo! Groups Links
Re: [flexcoders] Credit Card number encryption
At 09:35 AM 2/11/2010, you wrote: As far as I am aware you aren't allowed to store credit card numbers yourself without a weekly security audit from the card issuer... Do what?! I've never heard of this... If that's the case, then the company I work for has been breaking the law for YEARS! We store CC data (encrypted, of course) in our current database so that if a customer changes their mind, we don't have to reacquire the CC info from them to charge (or refund) their account. In the Flex app that I'm writing, the plan is to continue to do the same thing... And how would the CC issuers (dozens of 'em? Hundreds?) all have the time to audit every company that uses CC info for any purpose whatsoever? Doesn't sound possible to me. Laurence MacNeill Mableton, Georgia, USA
Re: [flexcoders] Credit Card number encryption
Laurence MacNeill wrote: At 09:35 AM 2/11/2010, you wrote: As far as I am aware you aren't allowed to store credit card numbers yourself without a weekly security audit from the card issuer... Do what?! I've never heard of this... If that's the case, then the company I work for has been breaking the law for YEARS! We store CC data (encrypted, of course) in our current database so that if a customer changes their mind, we don't have to reacquire the CC info from them to charge (or refund) their account. In the Flex app that I'm writing, the plan is to continue to do the same thing... My understanding is that PCI Compliance is not yet necessary for in-house products. -- Warm Regards, Lee
