[TriLUG] Storing Credit Card Numbers

Brian Henning brian at strutmasters.com
Tue Mar 15 13:01:31 EST 2005


Hi Guys,
   It's becoming inevitable that my employer is going to ask me to add 
the ability to store credit card numbers to a point-of-sale application 
I've been developing.  I've been steadfastly refusing to do so thus far 
because I don't want the security responsibility for the data...  But 
it's become clear that we really do need to be able to retrieve the data 
to do things like process RMA credits and whatnot.

So my question is...  What encryption scheme should I be studying?  I 
really don't know a lot about encryption..  Here are the requirements I 
have for whatever method you folks suggest.

- Easily integrated into the application as it is.  Something that could 
live in a MySQL field or two would be optimal.
- Reversible, obviously.
- Reasonably secure against decryption by Bad Guys.
- Reasonably easy to work with in Java.

The MySQL server doesn't answer requests outside the local net, but I 
have to assume that there's a chance someone could get in and see the 
raw table data..

So.  Suggestions?

Thanks!
~Brian


