-1

Possible Duplicate:
Storing credit card details

I am creating a website for a client that has a registration system in which the user will provide credit card information I have read about, so it will be reviewed by the admin of the website just once and then it will be deleted. I would like to know what the best techniques are to encrypt the credit card information.

Mohamed Hassan
  • 3
    Best practice is to **NOT** store the information. At most the last 4 digits and card type. – Marc B Jul 19 '12 at 15:46
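
The comment above recommends keeping at most the last 4 digits and the card type. The following is an added example, not code from the original posts: it reduces a submitted card number to exactly that record and masks card numbers that leak into free text such as log lines. The function names, the brand prefix rules (a few major brands only) and the sample numbers (public test numbers, not real cards) are assumptions made for illustration.

```python
import re

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def card_brand(pan: str) -> str:
    """Brand from the issuer prefix; covers a few major brands only."""
    p2, p3, p4, p6 = int(pan[:2]), int(pan[:3]), int(pan[:4]), int(pan[:6])
    if pan[0] == "4":
        return "visa"
    if 51 <= p2 <= 55 or 222100 <= p6 <= 272099:
        return "mastercard"
    if p2 in (34, 37):
        return "amex"
    if p4 == 6011 or p2 == 65 or 644 <= p3 <= 649:
        return "discover"
    return "unknown"

def storable_record(raw: str) -> dict:
    """Return only what may be kept: brand and last 4 digits."""
    pan = re.sub(r"[ -]", "", raw)
    if not re.fullmatch(r"\d{12,19}", pan) or not luhn_ok(pan):
        # Do not echo the input: error messages end up in logs.
        raise ValueError("not a valid card number")
    return {"brand": card_brand(pan), "last4": pan[-4:]}

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_LIKE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def redact_pans(text: str) -> str:
    """Mask Luhn-valid card numbers in free text, keeping the last 4."""
    def mask(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # e.g. an order number: leave untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_LIKE.sub(mask, text)

if __name__ == "__main__":
    print(storable_record("4111 1111 1111 1111"))
    print(redact_pans("charge failed for 5555-5555-5555-4444"))
```

The full number is never returned or written anywhere by these functions; only the reduced record leaves `storable_record`.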

1 Answer

4

Have a look at PCI DSS and PA-DSS requirements. You'll have to deal a lot with key management procedures. It's not only about encrypting and storing the PAN.

Look at what PCI DSS describes as "strong cryptography".

citation: Cryptography based on industry-tested and accepted algorithms, along with strong key lengths and proper key-management practices. Cryptography is a method to protect data and includes both encryption (which is reversible) and hashing (which is not reversible, or “one way”). Examples of industry-tested and accepted standards and algorithms for encryption include AES (128 bits and higher), TDES (minimum double-length keys), RSA (1024 bits and higher), ECC (160 bits and higher), and ElGamal (1024 bits and higher). See NIST Special Publication 800-57 (www.csrc.nist.gov/publications/) for more information.

mdo