I am not sure if I am making sense here. Is there anything close to making an extra layer of security of retrieving the credit card information on demand, even if it means the system is going to be slow?
Two points here: keeping it away when there is no immediate need of it, and keeping it in a different DB where there is an extra layer of security, where it won't be as easily accessible as the other info for somebody trying to reach it inappropriately.
If you do something different, how do you ensure the safety of your CC info?
Habtom
According to PCI rules and regulations, storage of the entire credit card number is not permitted unless certain criteria are met. You can store the first four and the last six digits according to Authorize.net. Again, if you only need the data for refunds, typically a transaction reference number from your gateway provider is enough.
If you do require the credit card information for recurring transactions, then you need to look at encrypting the data before storing it. For our online customers that have recurring charges, CC data is split, encrypted (128-bit), then sent to two DB servers behind our firewall. When it comes time to charge, the information is re-assembled outside of public space and processed as needed. NEVER make the full credit card visible.
That has been our experience, hope that helps.
Bing
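
The split, encrypt and reassemble flow described in the reply above, as an added sketch that is not code from either poster: the two in-memory maps stand in for the two DB servers, and the function names, the choice of AES-128-GCM, the per-server keys and the last-four display mask are all assumptions of this example.

```javascript
// Added illustration; not code from the thread. All names are hypothetical.
const nodeCrypto = require('node:crypto');

// Stand-ins for the two DB servers. Each has its own 128-bit key, which in a
// real deployment would live in a key store separate from both databases.
const dbA = { key: nodeCrypto.randomBytes(16), rows: new Map() };
const dbB = { key: nodeCrypto.randomBytes(16), rows: new Map() };

// AES-128-GCM with a fresh 12-byte nonce. The customer id and half label are
// bound as associated data, so a record cannot be moved to another row.
function seal(db, id, label, text) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', db.key, iv);
  c.setAAD(Buffer.from(`${id}:${label}`));
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  db.rows.set(id, Buffer.concat([iv, c.getAuthTag(), ct])); // iv | tag | ct
}

function unseal(db, id, label) {
  const rec = db.rows.get(id);
  if (!rec) throw new Error('no record');
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', db.key, rec.subarray(0, 12));
  d.setAAD(Buffer.from(`${id}:${label}`));
  d.setAuthTag(rec.subarray(12, 28));
  // final() throws if the record or its row binding was altered.
  return Buffer.concat([d.update(rec.subarray(28)), d.final()]).toString('utf8');
}

// Split the card number in two and store each half on a different server.
function storeCard(id, pan) {
  if (!/^\d{13,19}$/.test(pan)) throw new Error('invalid card number');
  const mid = Math.floor(pan.length / 2);
  seal(dbA, id, 'A', pan.slice(0, mid));
  seal(dbB, id, 'B', pan.slice(mid));
}

// Reassemble only at charge time, inside the non-public zone.
function loadCardForCharge(id) {
  return unseal(dbA, id, 'A') + unseal(dbB, id, 'B');
}

// Anything shown to a person gets a masked value (assumption: last four only).
function maskForDisplay(pan) {
  return '*'.repeat(pan.length - 4) + pan.slice(-4);
}
```

Reading one server, even with its key, yields only half of the number; the split adds nothing if both keys and both databases are reachable from the same host.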