Re: [PHP] Visa / MasterCard security compliance

2006-03-30 Thread Jasper Bryant-Greene

Dan Harrington wrote:

One of these requirements is cardholder data encryption -- is anyone aware
of a PHP/MySQL/Linux/Apache solution for end-to-end cardholder data
encryption that satisfies the Visa / MasterCard requirements?


Apache supports SSL/TLS. Therefore the credit card data can be encrypted 
in transit to you (you'll probably need to shell out for an SSL cert).


Your credit-card processing gateway will provide SSL/TLS encryption for 
your connection to them (be it via SOAP, REST, whatever).


If you really have to store the data for any reason, PHP's mcrypt 
extension allows you to encrypt it before storing it in the database. 
But avoid storing it if you can.


There you have it, end-to-end data encryption. That's basically the way 
I do it (I don't store card information so only the first two paragraphs 
apply), and I satisfy Visa and Mastercard's requirements. :)


--
Jasper Bryant-Greene
General Manager
Album Limited

http://www.album.co.nz/ 0800 4 ALBUM
[EMAIL PROTECTED]  021 708 334

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
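
The "encrypt it before storing it in the database" step from the reply above, as an added example that is not part of the thread or any poster's code. It uses the OpenSSL extension's AES-256-GCM in place of mcrypt, which was removed from PHP core in 7.2. The function names, the row identifier bound as associated data, and the in-memory key are assumptions for illustration; the card number is a constructed test value.

```php
<?php
// Added example. Names, key handling and sample data are illustrative assumptions.
const PAN_CIPHER = 'aes-256-gcm';

/** Encrypt a card number; returns base64(nonce || tag || ciphertext). */
function encrypt_pan(string $pan, string $key, string $rowId): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be 32 bytes');
    }
    $nonce = random_bytes(12);   // fresh random nonce for every record
    $tag = '';
    // $rowId is authenticated as associated data, so a stored value copied
    // onto a different row fails to decrypt.
    $ct = openssl_encrypt($pan, PAN_CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $rowId, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

/** Decrypt and authenticate a stored value; throws on tampering or a wrong row. */
function decrypt_pan(string $blob, string $key, string $rowId): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = substr($raw, 28);
    $pan = openssl_decrypt($ct, PAN_CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag, $rowId);
    if ($pan === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pan;
}

// Constructed demo. Assumption: a real key is loaded from a key store kept
// outside the database, not generated per request as it is here.
$key    = random_bytes(32);
$pan    = '4111111111111111';              // constructed test card number
$stored = encrypt_pan($pan, $key, 'order-1001');
$last4  = substr($pan, -4);                // keep only this in clear for display
var_dump(decrypt_pan($stored, $key, 'order-1001') === $pan);
try {
    decrypt_pan($stored, $key, 'order-1002');   // same blob, different row
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```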



[PHP] Visa / MasterCard security compliance

2006-03-30 Thread Dan Harrington
Hello everyone,

As you may know, Visa and MasterCard have some pretty extensive security
requirements for merchants who accept a larger number of credit card
transactions.

E.g. 

http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_merchants.html

https://sdp.mastercardintl.com/documentation/index.shtml

One of these requirements is cardholder data encryption -- is anyone aware
of a PHP/MySQL/Linux/Apache solution for end-to-end cardholder data
encryption that satisfies the Visa / MasterCard requirements?

Thanks
Dan
