| Credit Card Storage |
[eluser]Pascal Kriete[/eluser]
The ideal solution is - don't if you can avoid it. If that isn't an option, store it on a separate server. You shouldn't store it on the webserver, and none of it should ever go over a non-encrypted connection. SSL is a must. The PCI also outlines a few rules for handling CC information, found here. Basically, you want an encrypted connection to a non-web-accessible server (as well as an encrypted http connection). The stored data should be encrypted using a 128-bit cypher. And obviously, that server should have all the latest patches and security upgrades. [EDIT: I knew I had seen it on some blog, here is how 37s do it] |
| Messages In This Thread |
|
Credit Card Storage - by El Forum - 08-11-2008, 02:37 PM
Credit Card Storage - by El Forum - 08-11-2008, 02:59 PM
Credit Card Storage - by El Forum - 08-11-2008, 04:39 PM
Credit Card Storage - by El Forum - 08-11-2008, 05:51 PM
Credit Card Storage - by El Forum - 08-11-2008, 11:50 PM
Credit Card Storage - by El Forum - 08-12-2008, 12:14 AM
|
