[TriLUG] Storing Credit Card Numbers

Brent Verner brent at rcfile.org
Tue Mar 15 17:31:51 EST 2005


[2005-03-15 18:01] Brian Henning said:
| Hi Guys,
|   It's becoming inevitable that my employer is going to ask me to add 
| the ability to store credit card numbers to a point-of-sale application 
| I've been developing.  I've been steadfastly refusing to do so thus far 
| because I don't want the security responsibility for the data...  But 
| it's become clear that we really do need to be able to retrieve the data 
| to do things like process RMA credits and whatnot.
| 
| So my question is...  What encryption scheme should I be studying?  I 
| really don't know a lot about encryption..  Here are the requirements I 
| have for whatever method you folks suggest.
| 
| - Easily integrated into the application as it is.  Something that could 
| live in a MySQL field or two would be optimal.
| - Reversable, obviously.
| - Reasonably secure against decryption by Bad Guys.
| - Reasonably easy to work with in Java.

  I've done similar by storing in OpenPGP format using the crypto
bits from here:
http://www.bouncycastle.org/

	b




More information about the TriLUG mailing list