Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Possible Duplicate:
Storing credit card details
I am creating a website for a client that has a registration system that the user will provide credit card information i have read about so it will be reviewed by the admin of the website just for once then it will be deleted so i would like to know what are the best techniques to encrypt the credit card information
Have a look at PCI DSS and PA-DSS requirements. You’ll have to deal a lot with key management procedures. It’s not only about encrypting and storing the PAN.
Look at what PCI DSS describes as “strong cryptography”.
citation:
Cryptography based on industry-tested and accepted algorithms, along with strong key lengths and proper key-management practices. Cryptography is a method to protect data and includes both encryption (which is reversible) and hashing (which is not reversible, or “one way”). Examples of industry-tested and accepted standards and algorithms for encryption include AES (128 bits and higher), TDES (minimum double-length keys), RSA (1024 bits and higher), ECC (160 bits and higher), and ElGamal (1024 bits and higher). See NIST Special Publication 800-57 (www.csrc.nist.gov/publications/) for more information.