Best Method To Store Credit Card Info

Contributor, Jul 06, 2006

What is the best way to store Customer Credit Card information in the database? Is there a defined method of handling this? Does the Sarbanes-Oxley law affect this?

thanks

Engaged, Jul 06, 2006

The best method would be a dedicated server with a highly secure perimeter and a massive insurance policy that covers you when the data is compromised. Also making sure that you inform the end user that their credit card information is being stored for whatever purpose BEFORE they enter that information, giving them the opportunity to consent to your storage of their highly confidential information.

The best advice is to reevaluate why you need to store this information at all, rather than processing it at the appropriate times and then deleting the information, thereby reducing your risk.

Engaged, Jul 07, 2006

It's generally not a good idea to ever store CC info in a database at all, whether encrypted or not.

... and as suggested, it is HIGHLY recommended that you give the user the choice to do so, and inform them of the potential risks if you decide to do it.

IF you do decide to go this route, and do provide a choice to save it to a server that is certified as e-commerce secure (some banks or security companies will help you test this fact), then make sure you encrypt the information before storing it - and never store the private key anywhere that can be accessed via web or db access.

You also may want to discuss this with your lawyer and insurance company and make sure your a$$ is covered, since if everything is not done properly, you and/or your company could be held liable for the client's customers losing their information if the DB ever gets hacked or stolen.

Community Expert, Jul 08, 2006

What is the best way to store Customer Credit Card information in the database?

Let an online payment processing company handle credit-card payments from your clients. The best payment-processing merchants would know much more than you how best to deal with credit card information and what legislation is involved. The responsibility for security would also be largely theirs.

Advocate, Jul 11, 2006

The most secure way is to not store CC data and instead find a payment gateway that offers tokenization. Basically, it is a token that references the card information so future transactions can be posted using the token.

References:

We call the technology "tokenization"; other gateways may call it something else. Hope this helps.

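The tokenization flow described in the post above, as an added example that is not part of the original thread or any gateway's own code: the merchant keeps only a token and the last four digits, and a Luhn-based scan confirms no card number reached the merchant's store. `MockGateway`, `save_card`, `find_pans` and the sample customer record are hypothetical names constructed for this illustration.

```python
import re
import secrets
import string

def luhn_ok(digits: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class MockGateway:
    """Hypothetical stand-in for the gateway's token vault (not a real API)."""
    def __init__(self):
        self._vault = {}  # token -> card number, held only on the gateway side

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Random letters only: the token is not derived from the card number.
        token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        self._vault[token] = pan
        return token

    def charge(self, token: str, cents: int) -> bool:
        return token in self._vault and cents > 0

def save_card(gateway: MockGateway, db: dict, customer_id: str, pan: str) -> None:
    """Merchant side: persist the token and last four digits, never the number."""
    db[customer_id] = {"token": gateway.tokenize(pan), "last4": pan[-4:]}

# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def find_pans(text: str) -> list:
    """Return Luhn-valid card-number-like digit runs found in text."""
    runs = (re.sub(r"[ -]", "", m.group()) for m in PAN_RE.finditer(text))
    return [r for r in runs if luhn_ok(r)]

# Constructed sample data: 4111111111111111 is a widely used test number.
gateway, merchant_db = MockGateway(), {}
save_card(gateway, merchant_db, "cust-1001", "4111111111111111")

if __name__ == "__main__":
    print("stored record:", merchant_db["cust-1001"])
    print("card numbers found in merchant DB:", find_pans(repr(merchant_db)))
    print("repeat charge by token:", gateway.charge(merchant_db["cust-1001"]["token"], 2500))
```

The same `find_pans` scan can be pointed at database exports or application logs to check that card numbers are not being written anywhere on the merchant side.
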
Enthusiast, Jul 12, 2006

As others have suggested, it is not a good idea to do this, unless you seriously know what you're doing. Read this: article first.

It is pretty common for people to see that Amazon stores credit cards, so why can't we... Well Amazon has an incredibly secure system for doing this, one that would be very difficult for someone to just whip up. Here is a quote from Amazon's CTO:

quote:

Credit card information should be kept in a physical secure location separate from your other servers with armed guards in front of it (I am not kidding)...

I won't tell you exactly how we implement our schemes but to get to Amazon customer credit cards you will need a small army of Marines. Although recently we have been discussing to place physical and electronic booby-traps such that the servers will self-destruct when compromised, to deal with such full physically attack ...
