[TriLUG] Storing Credit Card Numbers

William Sutton william at trilug.org
Tue Mar 15 14:29:07 EST 2005


If you're at a publicly traded company, you might have your accounting 
firm check into the implications of storing this kind of financial data 
with respect to Sarbanes-Oxley (SOX).  Just a thought...also could be a 
useful way to get more time for analyzing the situation :)

William

On Tue, 15 Mar 2005, Ron Joffe wrote:

> On Tuesday 15 March 2005 13:01, Brian Henning wrote:
> > Hi Guys,
> >    It's becoming inevitable that my employer is going to ask me to add
> > the ability to store credit card numbers to a point-of-sale application
> > I've been developing.  I've been steadfastly refusing to do so thus far
> > because I don't want the security responsibility for the data...  But
> > it's become clear that we really do need to be able to retrieve the data
> > to do things like process RMA credits and whatnot.
> >
> > So my question is...  What encryption scheme should I be studying?  I
> > really don't know a lot about encryption..  Here are the requirements I
> > have for whatever method you folks suggest.
> >
> > - Easily integrated into the application as it is.  Something that could
> > live in a MySQL field or two would be optimal.
> > - Reversible, obviously.
> > - Reasonably secure against decryption by Bad Guys.
> > - Reasonably easy to work with in Java.
> >
> > The MySQL server doesn't answer requests outside the local net, but I
> > have to assume that there's a chance someone could get in and see the
> > raw table data..
> >
> > So.  Suggestions?
> >
> > Thanks!
> > ~Brian
> 
> I just read this article. It's Oracle-specific, but the ideas should be 
> applicable.
> 
> http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html
> 
> Ron
> 
> 
> 
> 
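
An added example, not from the thread or the linked article: one way to meet the requirements Brian lists (reversible, stored in a single MySQL field, usable from Java) when the threat is someone reading the raw table data. It assumes AES-256-GCM from the standard javax.crypto API, a key held outside the database, and the row's primary key bound in as associated data; the class name CardVault and the row ids are hypothetical.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class CardVault {                       // hypothetical class name
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKey key;               // must live outside the database
    CardVault(SecretKey key) { this.key = key; }

    // Returns Base64(nonce || ciphertext || tag); a 16-digit number yields 60 chars.
    String encrypt(String pan, long rowId) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);                  // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(Long.toString(rowId).getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(pan.getBytes(StandardCharsets.US_ASCII));
        byte[] out = Arrays.copyOf(nonce, NONCE_LEN + ct.length);
        System.arraycopy(ct, 0, out, NONCE_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Throws AEADBadTagException if the value was altered or belongs to another row.
    String decrypt(String stored, long rowId) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, NONCE_LEN));
        c.updateAAD(Long.toString(rowId).getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(in, NONCE_LEN, in.length - NONCE_LEN), StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);                          // demo key; load the real one from a keystore
        CardVault vault = new CardVault(kg.generateKey());
        String stored = vault.encrypt("4111111111111111", 42L);  // constructed test number
        System.out.println(stored.length() + " chars: " + stored);
        System.out.println(vault.decrypt(stored, 42L));
        try { vault.decrypt(stored, 43L); }
        catch (AEADBadTagException e) { System.out.println("row 43: rejected"); }
    }
}
```

A 16-digit number produces a 60-character string and a 19-digit one 64 characters, so the value fits one text column. The encryption only helps against a reader of the table if the key is kept somewhere that reader cannot reach.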



