[TriLUG] Storing Credit Card Numbers
Brian Henning
brian at strutmasters.com
Tue Mar 15 13:01:31 EST 2005
Hi Guys,
It's becoming inevitable that my employer is going to ask me to add
the ability to store credit card numbers to a point-of-sale application
I've been developing. I've been steadfastly refusing to do so thus far
because I don't want the security responsibility for the data... But
it's become clear that we really do need to be able to retrieve the data
to do things like process RMA credits and whatnot.
So my question is... What encryption scheme should I be studying? I
really don't know a lot about encryption.. Here are the requirements I
have for whatever method you folks suggest.
- Easily integrated into the application as it is. Something that could
live in a MySQL field or two would be optimal.
- Reversable, obviously.
- Reasonably secure against decryption by Bad Guys.
- Reasonably easy to work with in Java.
The MySQL server doesn't answer requests outside the local net, but I
have to assume that there's a chance someone could get in and see the
raw table data..
So. Suggestions?
Thanks!
~Brian
More information about the TriLUG
mailing list