I have a client thats wants to store the cc numbers in mysql, and he needs to store them in there for some kind of discount thing I have no clue what hes doing, but he is a legit company for sure. Anyways I know this is aloud, but there is strict regulations on this, any one know what it is, or the guidelines this must meet? to be cisp compliant
not sure about cc numbers, but I do know you absolutely shouldn't store the CCV # (the 3 digit code on the back of the card) Very unsecure.
If you have to do it, encrypt and ssl would be the way to go i presume. MD5 can be quickly cracked though...
Yeah, I encrypted and used https:// for all pages that inserted into the db for a client site that requires these to be stored. I also contacted their merchant account and processor to verify this was compliant and they agreed. They also did say NOT to store the CVV2 code, good call on that one medicalhumor.
I found this Wikipedia article useful when I was working with credit card data. It also contains a link to a PDF of the PCI DSS standard: http://en.wikipedia.org/wiki/PCI_DSS I ended up splitting credit card numbers rather than storing encrypted numbers in the database, but certain types of encryption are OK too.
1) Encrypt 2) Dont use md5 3) Keep your software up to date so you dont get exploited and your CC numbers stolen.
It's illegal to store the CVV2 code in the database, but not credit card (though dumb to store it in plain-text). If it's a PHP application you should use mcrypt() function to encrypt it.. then when he wants to pull it up it'll require him to provide the key.
i would not let them pull it up at all, in fact i would limit the database permissions to write only for that table and run a second script (preferably one that doesn't accept user input to run) with a strong encrypted database password to do payment processing. md5, sha1 etc are hash functions and would be useless for this type of thing even if they could not be hacked.
i have my credit card data with cvc so how could data store my expire card , bcoz my younger brother wanna use he live other city , hmm\its dublicate card , i know , tell me please any buddy , help me give me website or PM me
If it's your own card, you can store it however you want to. Credit card storage regulations pertain to customer's credit cards or data related to the processing of a credit card transaction.