• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Efficient algorithm/technique to encrypt and decrypt sensitive data in PHP/MySQL and CI context.

#1
[eluser]mr_prasanna[/eluser]
Hi,

I am researching a good system to store sensitive data like credit card numbers in a MySQL database and be able to retreive quickly and decrypt and at the same time be sure of the fact that it doesn't reveal the right data in logs or if system is hacked. Any suggestions?

#2
[eluser]danmontgomery[/eluser]
http://ellislab.com/codeigniter/user-gui...ption.html

#3
[eluser]mr_prasanna[/eluser]
Is this safe to save in a mysql db? How can I limit the size of encrypted string to be within 64 byte/char size? This is because indexing on a larger varchar field might slow down the system? no?

#4
[eluser]gcc.programmer[/eluser]
You should do some googling on storing credit card info and PCI compliance, as there are regulations, etc. involved in doing this. Sure, you can just use a form of encryption, or whatever, but if you're hacked, and you didn't follow compliance, etc., you will absolutely loose in court.

Frankly, there is no need for you to keep credit card information. Check with your payment processor about services they might offer if you're wanting to save them for recurring billing, etc. Personally, I wouldn't keep credit card information at all.

#5
[eluser]mr_prasanna[/eluser]
That's right. But with some gateways there is no easy method to create billing agreements and bill for a variety of amounts (within a limit though) whenever you want. Like in case of a telephony services portal, customer might want to upgrade/degrade to a plan apart from periodic billing we will have to bill them for few extra bucks. With PayPal there is something called reference transactions but it has it's own limit. Also, if you want to offer trial services, where you charge 0 for few weeks and then bill some $x all this is a slight complex thing. Above all, in case of trial services to avoid fraud we need to verify credit card numbers...
Anyways...it's worth checking with Auth.net or FirstData type of processors than with WorldPay or Paypal. Thanks for all the help.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.