
Security considerations when collecting and storing bank account details in a php/mysql application

We have been asked to look into the feasibility of an application to collect bank account numbers and sort codes and store them temporarily for offline processing through a paperless direct debit system.

Data will be collected from website visitors through a 256-bit SSL connection and stored in a MySQL database for later collection by our client. This data would be held temporarily until downloaded, at which point it would be erased from the database.

Details:

- We host a few other websites on this particular server
- No-one has shell access or FTP access to the server
- Server is PCI compliant
- Mod_security and other software running on machine

I know this is very similar to this question, "Best practices for storing bank information in a database", and appreciate the bulk of responses are to steer clear.

I understand the list of security considerations is potentially very large.

What particular areas of security should we focus on?

asked Aug 09 '11 13:08 by BrochanGuMor



1 Answer

Use asymmetric encryption so that the data is encrypted before being inserted into the database, but you don't store the necessary key to decrypt the data on the server.

This key should only be stored on the client's side, so they can decrypt it after retrieving it from your server.

Still, with this protection, you'll want to create a tunnel of sorts for them to securely connect to your server(s). If you intend to let them connect to MySQL directly, I should mention it is inadvisable to accept external connections to the MySQL listening port indiscriminately. If they have a static IP, you can make use of a software or hardware firewall to restrict it in that manner, if creating a VPN is not workable for you.

This answer provides some information about doing asymmetric encryption with the built-in openssl_* functions in PHP.

Please ask for clarification/expansion on any of this as necessary.

answered Oct 11 '22 21:10 by mh.
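
The scheme the answer describes, as an added sketch that is not part of the original answer: the web server holds only the public key and encrypts each record with RSA-OAEP through PHP's openssl_* functions, while the private key stays with the client. The function names, the JSON record layout, the passphrase and the sample sort code and account number are constructed for illustration, and the key pair is generated inline only so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Web server side: only the PUBLIC key is deployed here, so a database
// dump or server compromise yields ciphertext the server cannot decrypt.
function encryptBankDetails(string $sortCode, string $account, string $publicPem): string
{
    $publicKey = openssl_pkey_get_public($publicPem);
    if ($publicKey === false) {
        throw new RuntimeException('Invalid public key');
    }
    $record = json_encode(['sort_code' => $sortCode, 'account' => $account], JSON_THROW_ON_ERROR);
    // RSA-OAEP with a 2048-bit key takes at most 214 bytes; larger input fails here.
    if (!openssl_public_encrypt($record, $cipher, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($cipher); // value for the MySQL column (insert via a prepared statement)
}

// Client side, after download: the passphrase-protected private key lives only here.
function decryptBankDetails(string $stored, string $privatePem, string $passphrase): array
{
    $privateKey = openssl_pkey_get_private($privatePem, $passphrase);
    $cipher = base64_decode($stored, true);
    if ($privateKey === false || $cipher === false) {
        throw new RuntimeException('Bad private key, passphrase or stored value');
    }
    if (!openssl_private_decrypt($cipher, $record, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('Decryption failed');
    }
    return json_decode($record, true, 512, JSON_THROW_ON_ERROR);
}

// Demo only: in the real setup the client generates the key pair on their own
// machine and sends you just the public PEM.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($pair === false) {
    throw new RuntimeException('Key generation failed');
}
openssl_pkey_export($pair, $privatePem, 'constructed-passphrase');
$publicPem = openssl_pkey_get_details($pair)['key'];

// Constructed sample values, not real account details.
$stored = encryptBankDetails('12-34-56', '12345678', $publicPem);
$details = decryptBankDetails($stored, $privatePem, 'constructed-passphrase');
var_dump($details === ['sort_code' => '12-34-56', 'account' => '12345678']); // round trip check
```

Direct RSA-OAEP suits this page's case because a sort code and account number are far below the 214-byte limit; longer records would need a hybrid scheme in which a random symmetric key encrypts the data and only that key is RSA-encrypted.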