Forum Moderators: coopster

Holding Card Details Securely on server

have to hold card details, want to keep them secure

         

hughie

9:14 am on Sep 4, 2006 (gmt 0)

10+ Year Member



Hi All

I need to use a repeat billing platform and as such am required by the payment gateway to pass them the credit card details when required.

I want to find a way to encrypt the card details so they are stored securely, so that if someone got into the server they wouldn't be able to get them.

most of the ways I know of involve holding a password in php somewhere that acts as a key, the problem being that anyone who gets into php could get the key, and then the details.

Are there any better ways round the problem?

Cheers,
hughie

barns101

11:53 am on Sep 4, 2006 (gmt 0)

10+ Year Member



Are you on shared hosting or is the server your own? Unless you're really up to speed with payment industry security standards for storing card numbers (and I don't mean to be rude but it doesn't sound like you are :) ) you could be breaking the law by doing so or at the very least breaking the card issuer's rules and find your merchant account or processing facility closed.

Storing people's credit card details is a very specialised sector and it is not advisable for anyone else to even attempt it.

jatar_k

4:58 pm on Sep 4, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



you should talk to your provider, a lot of them will cancel your account as storing card numbers is against their TOS. The increase in your liability is enormous.

hughie

8:57 pm on Sep 4, 2006 (gmt 0)

10+ Year Member



that's the problem, i'm used to using 3rd party systems where everything is handled away from the server, or where the card is referenced via a unique ident, not the card itself.

this provider in order to do repeat billing insists that the details are held on the server.

I may (the support weren't sure) have to pass an audit before it switches live apparently but i'm very uncomfortable with the arrangement (hence the post)

i'm going through the setup process at the mo, there may be some tools in there but i'm doubtful.

and yes, it's my server.

jatar_k

4:23 pm on Sep 5, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



seems strange

at any rate, one thing to be sure of is to keep the key for decrypting the stored number on a different server.

you may want to speak to a firm that does security audits and see what they recommend. We went through an audit with KPMG and they had some good recommendations for our specific situation.

hughie

3:26 pm on Sep 7, 2006 (gmt 0)

10+ Year Member



the client has agreed to scrap that gateway, it does seem very strange as they are a BIG provider. The sales/tech guy said that a lot of the banks no longer agreed to work with that system, i wonder why!

"key for decrypting the stored number on a different server"

I was going to do this, use and SOAP to transfer it over with a restriction on the IP address from the requesting server along with other encryption. Would this have done the business or would that have had problems as well?

jatar_k

5:00 pm on Sep 7, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



that would work

it's always about minimizing risks or "taking necessary steps to protect the data"

pretty ambiguous really

you need to make it significantly difficult for an attacker while still making it relatively easy for your users

yes, that would be good but

it is the system as a whole that would need to be secured, there are a million variables in security and all points of entry need to be aptly protected. I can't really say whether one way would be ample protection. You would need to go through everything and secure it. This is why security audits by a third party, in my mind, would be required as it helps you think of things that you wouldn't normally on your own.
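
The arrangement discussed in this thread, with the decryption key kept off the web server, as an added PHP example that is not code from any poster. `fetch_key_from_key_host()`, the key ID and the customer IDs are hypothetical; the function simulates the second server in memory, where a real deployment would make an authenticated request to a separate host.

```php
<?php
// Stand-in for the second server (assumption): in production this is an authenticated
// TLS request, and the key is never written to the web server's disk, database or code.
function fetch_key_from_key_host(string $keyId): string
{
    static $keyHost = [];                       // simulates the remote key store
    if (!isset($keyHost[$keyId])) {
        $keyHost[$keyId] = random_bytes(32);    // constructed 256-bit demo key
    }
    return $keyHost[$keyId];
}

// Encrypt a card number; the returned row is all the web server's database holds.
function encrypt_pan(string $pan, string $customerId, string $keyId): array
{
    $key = fetch_key_from_key_host($keyId);
    $iv  = random_bytes(12);                    // fresh 96-bit nonce per record
    $tag = '';
    // $customerId is bound as associated data, so a ciphertext copied onto
    // another customer's row fails authentication on decrypt.
    $ct = openssl_encrypt($pan, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $customerId);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return ['key_id' => $keyId, 'blob' => base64_encode($iv . $tag . $ct)];
}

// Decrypt only at billing time; the plaintext and key stay in memory.
function decrypt_pan(array $row, string $customerId): string
{
    $raw = base64_decode($row['blob'], true);
    if ($raw === false || strlen($raw) <= 28) { // 12-byte nonce + 16-byte tag + data
        throw new RuntimeException('malformed record');
    }
    $key = fetch_key_from_key_host($row['key_id']);
    $pan = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                           substr($raw, 0, 12), substr($raw, 12, 16), $customerId);
    if ($pan === false) {
        throw new RuntimeException('authentication failed: wrong key, customer or tampered data');
    }
    return $pan;
}

$row = encrypt_pan('4111111111111111', 'cust-1001', 'card-key-v1'); // constructed test number
var_dump(decrypt_pan($row, 'cust-1001') === '4111111111111111');    // round trip, right customer
try {
    decrypt_pan($row, 'cust-2002');             // same blob placed on another customer's row
} catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```

A database dump or file-system read of the web server yields only `key_id` and `blob`; code running on the web server can still request the key, which is why the key host's access controls and logging matter as much as the encryption.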