[TriLUG] Storing Credit Card Numbers
William Sutton
william at trilug.org
Tue Mar 15 14:29:07 EST 2005
If you're at a publicly traded company, you might have your accounting
firm check into the implications of storing this kind of financial data
with respect to Sarbanes-Oxley (SOX). Just a thought...also could be a
useful way to get more time for analyzing the situation :)
William
On Tue, 15 Mar 2005, Ron Joffe wrote:
> On Tuesday 15 March 2005 13:01, Brian Henning wrote:
> > Hi Guys,
> > It's becoming inevitable that my employer is going to ask me to add
> > the ability to store credit card numbers to a point-of-sale application
> > I've been developing. I've been steadfastly refusing to do so thus far
> > because I don't want the security responsibility for the data... But
> > it's become clear that we really do need to be able to retrieve the data
> > to do things like process RMA credits and whatnot.
> >
> > So my question is... What encryption scheme should I be studying? I
> > really don't know a lot about encryption.. Here are the requirements I
> > have for whatever method you folks suggest.
> >
> > - Easily integrated into the application as it is. Something that could
> > live in a MySQL field or two would be optimal.
> > - Reversible, obviously.
> > - Reasonably secure against decryption by Bad Guys.
> > - Reasonably easy to work with in Java.
> >
> > The MySQL server doesn't answer requests outside the local net, but I
> > have to assume that there's a chance someone could get in and see the
> > raw table data..
> >
> > So. Suggestions?
> >
> > Thanks!
> > ~Brian
>
> I just read this article. It's Oracle-specific, but the ideas should be
> applicable.
>
> http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html
>
> Ron
>
>
>
>