Storage of credit card data in the database

0

I am about to incorporate a payment module into my mobile application (I plan to use Moip and, in the future, PayPal). I would like an Uber-style payment system in which the customer provides their credit card details and these are saved so that they can later pay with just one click.

My knowledge of data security is practically nil, and I'd like to know what precautions I should take when storing this data in my database.

I designed the system not to store the CVV code, to improve security, but I do not think that is enough. Could anyone give me some tips or, if possible, point me to some material that I can study to develop this "in-app" payment module? Thank you!

asked by anonymous 08.09.2017 / 19:26

1 answer

1

Some time ago, before MercadoPago and PagSeguro were popular, I worked for a company that wanted to process payments directly with the card operator. At the time the operator said we could not retain the customer's card data, and there were a lot of requirements to be met before we could integrate with their system. I do not know what their posture is now, but in any case the following link has several interesting references regarding security, including the ABNT and ISO standards and others such as SOX: link

See, for example, this section of the Payment Card Industry (PCI) guide, which gives storage security tips such as tokenization and encryption:


Tokenization has a goal similar to encryption, but it works in a different way. It replaces the card data with meaningless data (a "token"), which has no value to a hacker.

Sources: link
link (/pcisecurity/en2pt/minisite/en/docs/Small_Merchant_Guide_to_Safe_Payments.pdf)

Apart from all this, there is this post right here on the topic, which I suggest reading: #


08.09.2017 / 19:51