Closed 11 years ago.
I have been working on a project where other developers developed an app which processes credit cards. It's like the customer calls the representative and he takes the information and charges the card. We need to store a reference to the card so we can charge them again quickly when they call us. It's infrequent and actually when the customer calls or makes an order using the on-line form.
When I was checking the database, I was very surprised to see that he was storing all the credit card information. Well, not only the credit card number, he is also saving the expiration, CCV and everything a customer throws in.
It's all unencrypted and just there! We don't maintain that much monitoring/security at all.
I am just all confused now. Is it ever okay to store them? I know it isn't. What's his reason for storing them?
This is kind of strange. To be allowed to handle credit card data, you normally would have to pass an external PCI-DSS audit which would check the security of your system, including data handling, encryption, and processes.
The guidelines state, amongst other things, that this data has to be encrypted. Also, you are never allowed to store the CCV value. You should check with your colleagues if this is all kosher. You could face some serious (law-enforcement) issues if there are any issues on your system.
I guess the reason for storing the data like it's done today is just stupidity. You should really change that ASAP!