The Little Guy
Posted November 11, 2010

What would be a secure way to store credit card information? Some people say that a salted base64_encode() is secure, but I seem to feel that that isn't as secure. I thought that using Mcrypt would be a better way. Any thoughts on this?

KevinM1
Posted November 11, 2010

> What would be a secure way to store credit card information? Some people say that a salted base64_encode() is secure, but I seem to feel that that isn't as secure. I thought that using Mcrypt would be a better way. Any thoughts on this?

To be honest, I'm not sure. I think it depends on your country's/state's laws. Online credit card security is generally a can of worms an independent developer probably shouldn't open. The liability alone would make me wary.

s0c0
Posted November 11, 2010

It all has to do with PCI compliance and the above poster is correct that you probably don't want to deal with this. Instead you can use a service like authorize.net or merchant e-solutions and have them store the credit card for you. All you would need to store at that point is a token referencing the securely stored credit on their system. I designed a system like this before and to be even more secure I even encrypted the token using a two-way cypher: http://www.phpclasses.org/package/6264-PHP-Encrypt-and-decrypt-data-using-Rijndael-256-cypher.html.

With that said I worked for an employer once and my boss didn't care much for the safety of the customers' financial data. We stored the credit card information using a custom written two-way cypher and probably still do to this day. If I were the decision maker, it's not a decision I would make. You wouldn't want your data to be stored in a non-secure non-PCI compliant manner, would you?

https://www.pcisecuritystandards.org/
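
An added example, not code from any poster in this thread: it shows why a salted base64_encode() value is readable without a key, and one way to seal a gateway token before storing it. Assumptions: the function names, the token and customer values are constructed; AES-256-GCM through PHP's OpenSSL extension (PHP 7.1+) stands in for Mcrypt, which was removed from PHP core in 7.2.

```php
<?php
// 1. "Salted" base64 is an encoding, not encryption: whoever reads the
//    stored value reverses it with no key at all.
function salted_base64(string $pan, string $salt): string {
    return base64_encode($salt . $pan);
}
function undo_salted_base64(string $stored, int $saltLen): string {
    return substr(base64_decode($stored), $saltLen);
}

// 2. Keep the card at the payment gateway and store only its token, sealed
//    with authenticated encryption. $key is 32 random bytes held outside the
//    database; the customer id is bound in as associated data, so a record
//    copied onto another customer's row fails to decrypt.
function seal_token(string $token, string $key, string $customerId): string {
    $iv  = random_bytes(12); // fresh 96-bit nonce for every record
    $tag = '';
    $ct  = openssl_encrypt($token, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $customerId);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // base64 here is storage encoding only
}

function open_token(string $blob, string $key, string $customerId): string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed record');
    }
    [$iv, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag, $customerId);
    if ($pt === false) {
        throw new RuntimeException('record modified, or wrong key or customer');
    }
    return $pt;
}

// Constructed sample data: a public test card number and a made-up token.
$testPan = '4111111111111111';
$stored  = salted_base64($testPan, 's3cr3tsalt');
var_dump(undo_salted_base64($stored, 10) === $testPan);

$key  = random_bytes(32);
$blob = seal_token('tok_EXAMPLE_0001', $key, 'customer-42');
var_dump(open_token($blob, $key, 'customer-42') === 'tok_EXAMPLE_0001');
try {
    open_token($blob, $key, 'customer-43'); // same blob under a different customer
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```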