I've been tasked with handling some credit card data storage. After reading the PCI compliance questionnaire (including NIST 800-57) and some googling, I've found few resources that are both (kinda) recent and compliant.
Here are some resources I've found:
http://www.dijksterhuis.org/creating-salted-hash-values-in-c/
http://msdn.microsoft.com/en-us/magazine/cc164054.aspx
Is there a best .NET algorithm for credit card encryption?
My question: The basic coding logic for encrypting and decrypting the information seems to boil down to the way Yossi does it here:
http://yossi-yakubov.blogspot.com/2010/07/aes-encryption-using-c-short-way.html
Am I correct? Any more 'standards compliant' methods? Any other resources someone can recommend?
Thanks a lot
UPDATE: I don't need to transmit the credit card numbers; I need to receive and encrypt them for storage in the DB. If this data ever gets transmitted it is always done over HTTPS (so I'm good in that respect, right?)
Yes, I missed this important information when I first posted, but thanks a lot for the quick replies, really.
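The encrypt/decrypt logic the question asks about, as an added example that is not from the question or from the linked blog posts. It uses AES-256-GCM from `System.Security.Cryptography` (the `AesGcm(key, tagSizeInBytes)` constructor assumes .NET 8 or later), so the stored blob carries an authentication tag and any modification of the stored value is detected on decrypt. The 32-byte key is assumed to come from a separate key store (DPAPI, an HSM or a cloud KMS), never from the database that holds the ciphertext; the `recordId` associated data, the `nonce || tag || ciphertext` column layout and the `Main` demo values are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: AES-256-GCM helpers for a card number (PAN) stored at rest.
// Assumptions: the key is fetched from a key-management store and never sits
// beside the ciphertext; one DB column holds nonce || tag || ciphertext.
public static class CardVault
{
    private const int KeySize = 32;   // AES-256
    private const int NonceSize = 12; // 96-bit nonce, the size GCM is designed for
    private const int TagSize = 16;   // 128-bit authentication tag

    // Encrypts the PAN. The record id is bound as associated data, so a blob
    // copied into a different row will fail authentication when decrypted there.
    public static byte[] Encrypt(byte[] key, string pan, string recordId)
    {
        if (key.Length != KeySize) throw new ArgumentException("key must be 32 bytes");

        byte[] plaintext = Encoding.UTF8.GetBytes(pan);
        byte[] nonce = new byte[NonceSize];
        RandomNumberGenerator.Fill(nonce); // fresh random nonce per call; never reuse with the same key
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[TagSize];

        using (var aes = new AesGcm(key, TagSize))
        {
            aes.Encrypt(nonce, plaintext, ciphertext, tag, Encoding.UTF8.GetBytes(recordId));
        }
        CryptographicOperations.ZeroMemory(plaintext); // do not leave the PAN lying around in memory

        byte[] blob = new byte[NonceSize + TagSize + ciphertext.Length];
        Buffer.BlockCopy(nonce, 0, blob, 0, NonceSize);
        Buffer.BlockCopy(tag, 0, blob, NonceSize, TagSize);
        Buffer.BlockCopy(ciphertext, 0, blob, NonceSize + TagSize, ciphertext.Length);
        return blob;
    }

    // Decrypts a blob produced by Encrypt. Throws CryptographicException if the
    // key, the record id, or any byte of the blob does not match.
    public static string Decrypt(byte[] key, byte[] blob, string recordId)
    {
        if (blob.Length < NonceSize + TagSize) throw new ArgumentException("blob too short");

        var nonce = new ReadOnlySpan<byte>(blob, 0, NonceSize);
        var tag = new ReadOnlySpan<byte>(blob, NonceSize, TagSize);
        var ciphertext = new ReadOnlySpan<byte>(blob, NonceSize + TagSize, blob.Length - NonceSize - TagSize);
        byte[] plaintext = new byte[ciphertext.Length];

        using (var aes = new AesGcm(key, TagSize))
        {
            aes.Decrypt(nonce, ciphertext, tag, plaintext, Encoding.UTF8.GetBytes(recordId));
        }
        string pan = Encoding.UTF8.GetString(plaintext);
        CryptographicOperations.ZeroMemory(plaintext);
        return pan;
    }

    // Display value for receipts and UI: only the last four digits are ever
    // shown, so the ciphertext never needs to be decrypted for that purpose.
    public static string MaskedForDisplay(string pan)
    {
        string digits = pan.Replace(" ", "");
        return "****-****-****-" + digits.Substring(digits.Length - 4);
    }

    public static void Main()
    {
        // Demo only: a real deployment loads the key from DPAPI/HSM/KMS.
        byte[] key = RandomNumberGenerator.GetBytes(KeySize);
        string pan = "4111 1111 1111 1111"; // constructed test number, not a real card
        string recordId = "order-1001";     // hypothetical row identifier

        byte[] stored = CardVault.Encrypt(key, pan, recordId);
        Console.WriteLine(CardVault.Decrypt(key, stored, recordId) == pan ? "round trip ok" : "mismatch");
        Console.WriteLine(CardVault.MaskedForDisplay(pan));

        // Tampering with a single stored byte is detected rather than returning garbage.
        stored[stored.Length - 1] ^= 0x01;
        try { CardVault.Decrypt(key, stored, recordId); Console.WriteLine("tamper NOT detected"); }
        catch (CryptographicException) { Console.WriteLine("tamper detected"); }
    }
}
```

The difference from a plain `Aes` CBC sample is the tag: with CBC alone a modified ciphertext decrypts to silently wrong bytes, while GCM refuses. Key rotation, split knowledge for the key custodians, and logging of every decrypt are PCI DSS requirements that sit outside this code, and a tokenization service that keeps the PAN out of your database altogether removes most of that scope.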
It sounds scary that someone outside of a certified credit card institute tries to save this information, no matter if encrypted or unencrypted (I assume that it's not one-way encrypted).
Does your business case really require that? Does your company really want to take the risk of storing credit card numbers?