q; Keeping Credit Card in the database

G

Guest

Keeping Credit Card in the database:
If I am going to keep credit card information in the database, what process
and procedure I need to pay attention so that I would not be in trouble
because of security in web application, database, and in the building that
the server is in. Any guidelines?
 
M

Michael Nemtsev

Hello JIM.H.,

Use SSL to have the postback encryption, encript session state and DB content

---
WBR, Michael Nemtsev [.NET/C# MVP].
My blog: http://spaces.live.com/laflour
Team blog: http://devkids.blogspot.com/

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo

J> Keeping Credit Card in the database:
J> If I am going to keep credit card information in the database, what
J> process
J> and procedure I need to pay attention so that I would not be in
J> trouble
J> because of security in web application, database, and in the building
J> that
J> the server is in. Any guidelines
 
T

Tim Payne

Some of this will depend on the applicable data laws in your country. For
example the UK data protection act states how long you're allowed/required
to keep data for and that sort of thing.

All transactions should be done over SSL, and the credit card details should
be encrypted in the database, preferably using a key with salt.

Regards,

Tim.
 
M

Mark Rae [MVP]

Some of this will depend on the applicable data laws in your country. For
example the UK data protection act states how long you're allowed/required
to keep data for and that sort of thing.
Click to expand...

Very true. In addition, you need to be registered with the Information
Commissioner's Office before you can store certain types of data, especially
personal and financial data like this...
All transactions should be done over SSL, and the credit card details
should be encrypted in the database, preferably using a key with salt.
Click to expand...

Yes, definitely.
 
R

Rad [Visual C# MVP]

Keeping Credit Card in the database:
If I am going to keep credit card information in the database, what process
and procedure I need to pay attention so that I would not be in trouble
because of security in web application, database, and in the building that
the server is in. Any guidelines?
Click to expand...
You also need to look at database level encryption
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Does a e-commence website generally know who the credit card merchant processor is ??? 1
Does a e-commence website generally know who the credit card merchant processor is 0
q; keep credit card data 5
Upgrading Company's Internal Record Keeping Systems 0
Ajax for Credit Card Processing 6
credit card payment 6
Questions about credit card payment handling 7
How can I find occurrences of a column name FPPaymentID in the entire database (e.g table, stored procedure etc) in SSMS? 2

Members online

No members online now.
Total: 56 (members: 1, guests: 55)
Robots: 491

Forum statistics

Threads
473,989
Messages
2,570,207
Members
46,782
Latest member
ThomasGex

Latest Threads

Top