I have a requirement to store credit card details (not storing is NOT an option).
Using mcrypt with mcrypt_dev_random to generate init_vector takes varying ages to encrypt/decrypt but seems is the most 'secure' option. mcrypt_dev_urandom MUCH quicker but not suitable for long term storage - as I have read.
Looking at GnuPG as a possible alternative and would like some opinions/heads up on these if possible.
You should store paper documents with credit card numbers locked in a safe place such as a safe when not in use and restrict access. Electronic storage of credit card numbers is also standard if, for example, you perform recurring or recurring transactions.
Keep paper documents with credit card numbers locked in a secure place (like a safe) when not in use. Electronic storage of credit card numbers is also common if, for example, you process recurring or repeat transactions. If you do this, you cannot store these files unencrypted.
In most cases, credit card information shouldn't be stored in the database at any time. Storing this information is not only a liability for security reasons, but it results in more compliance actions that need to be taken to be PCI-compliant.
If you really want to store credit card information securely, there's a standard for it: Payment Card Industry Data Security Standard. And it's a lot more involved than using one specific encryption algorithm. It requires you to store parts of the card details on two physically separate machines, among many other things. And even if you follow the PCI standard to the letter, experts argue you're still not entirely secured. Anything less than that is pretty much not worth discussing in detail, since the overall level of security is so low that it hardly makes a difference.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With