How do I store credit card data securely?

5

I currently use third-party services to handle online transactions via credit card; they collect the card data and store it themselves.

I want to store customer credit card data in my own database. Having this data with me makes it possible to migrate away from a service without losing the card data, but this does not seem safe to me, because if it were, it would not use encryption for passwords. How do I store credit card data securely?

    
asked by anonymous 12.04.2016 / 16:50

2 answers

4

If you do not need this data routinely (you will only have to access it in exceptional circumstances), you can store it safely using encryption. The ideal, of course, would be to avoid this problem, or let some specialist do it (in particular, pay attention to any existing legislation that establishes minimum safety criteria for this scenario, if applicable). But for reference, the procedure would be as follows:

  • Generate a public/private key pair on a non-internet-connected computer. Keep this computer off the internet, and free of malware (or at least remove the private key from it, and delete it from its place of origin without leaving a trace);
  • Export the public key to your web server;
  • In your web service, when you receive a card and need to store it, encrypt it using the public key and store the result in the database (continue to discard the data in plain-text format as soon as you do not need it anymore);
  • When/if you eventually need this card data to migrate a service or something:
      • Export your database to a file, and enter that data into the computer that has the private key;
      • There, decrypt the data and prepare the script needed to use it;
      • Move the script to a machine with internet access, run it and erase it immediately (again, using a safe method of removal that leaves no traces).
  • Bonus: Use a hardware module to generate this pair of keys, so that the private key never exits from that hardware (i.e. no remote attacker will have access to it, even if 100% of your system is compromised), and once the public key has been exported, unplug this module and do not use it again until you need it.

Source: this answer in security.SE. (Note: pay no attention to my own answer there...)

        
    27.04.2016 / 07:29
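The split described in the answer above (public key on the web server, private key only on the offline machine) can be sketched as follows. This is an added example, not code from the answer: it assumes RSA-OAEP from the Go standard library, and the function names, customer IDs and card record are hypothetical, with a constructed test card number.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// GenerateOffline runs on the air-gapped machine; only the PEM public key leaves it.
func GenerateOffline() (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), err
}

// SealCard runs on the web server, which holds only the public key.
// customerID is bound as the OAEP label, so a ciphertext copied into
// another customer's row fails to decrypt.
func SealCard(pubPEM []byte, customerID, card string) ([]byte, error) {
	block, _ := pem.Decode(pubPEM)
	if block == nil {
		return nil, fmt.Errorf("no PEM block in public key")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("not an RSA public key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(card), []byte(customerID))
}

// OpenCard runs only on the offline machine, during a migration.
func OpenCard(priv *rsa.PrivateKey, customerID string, ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, []byte(customerID))
	return string(pt), err
}

func main() {
	priv, pubPEM, _ := GenerateOffline()
	ct, _ := SealCard(pubPEM, "cust-1001", "4111111111111111|12/30") // constructed test record
	fmt.Println(OpenCard(priv, "cust-1001", ct))
}
```

With a 2048-bit key and SHA-256, OAEP accepts at most 190 bytes of plaintext, which is enough for a card record; larger payloads would need a hybrid scheme.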
    0

According to Microsoft's own example (I do not know if it is the best example to cite, haha), they simply do not keep the password, but they keep the other data on the card unencrypted, basing it on having a secure enough database. You can also encrypt this data before inserting it into the database; this will serve as extra security.

If the data is encrypted, someone who has access to the database but cannot see the source code of your application will not be able to decipher the data they have access to.

        
    12.04.2016 / 16:56