Store credit card detail into mysql database

Question

Possible Duplicate:
Saving credit card information in MySQL database?

I want to know if its safe to store credit card detail into database.

i started to think about encrypt it using AES128 with separate decryption key for each entry.

But i want to know is it safe?

I used hextobin and bintohex to encode and decode it i did it all successfully but all i concern is about safety.

And what is IV in storing this detail i done all the programming efficiently but i worry about safety what step do i need to take to make it secure.

Is it safe if i use dedicated server and use SSL? what else i can do.?

Thanx in advance

@PanagiotisPalladinos hey bro dont worry he has been rewarded look he's answer is already been up voted and accepted... as per my thinking Help must always be rewarded. — Dipesh Parmar, Dec 05 '12 at 09:48
Yeah I upvoted his answer too ;) I think it's not worth the risk storing sensitive data in your own database nowadays. There are many great and easy to use services out there. — xray1986, Dec 05 '12 at 10:12
yah thats why i asked before implementing it in action..i did all the code to store encrypted detail but then i realize its risk so i posted here. — Dipesh Parmar, Dec 05 '12 at 10:15

score 6 · Accepted Answer · edited Jun 20 '20 at 09:12

6

Don't. The risks are too high. better use 3rd party like Google Checkout, Amazon Payments, 2Checkout, Authorize.net, Zaarly and other.

EDIT

It doesn't matter what measures of protection you will take, there's always the possibility of someone hacking your system (even big companies like RSA have been hacked). If it will happened to you, you might be heavily punished, depends on which country it happened.

edited Jun 20 '20 at 09:12

Community

1
1

answered Dec 05 '12 at 08:19

Kuf

17,318
6
67
91

1

There are a lot of big websites (amazon?) that do this, and it's a usefull feature. – Nanne Dec 05 '12 at 08:21
2

check Zaarly.com i think they are storing our credit card detail into their system. – Dipesh Parmar Dec 05 '12 at 08:22

score 2 · Answer 2 · answered Dec 05 '12 at 08:20

2

One important question here is why are you wanting to store credit card data? Is it for the users convenience? Or for use as part of an identity check? Either way, there is almost certainly a better solution. Investigate third party gateway payment solutions!

answered Dec 05 '12 at 08:20

ninesided

23,085
14
83
107

1

yah its for user convenience so they may not get bore while doing payment or purchase anything with us. – Dipesh Parmar Dec 05 '12 at 08:24

score 0 · Answer 3 · answered Dec 05 '12 at 08:22

0

I think yess. Use the AES-128 block cipher algorithm in counter (CTR) mode.with the 128-bit key

Here are examples of encryption from simple to complex data with credit card number

http://www.di-mgt.com.au/cryptoCreditcard.html

answered Dec 05 '12 at 08:22

Mehdi Bugnard

3,889
4
45
86

1

i already did that according to this link but made some improvement in it to make it more secure. – Dipesh Parmar Dec 05 '12 at 08:34
1

Ah ok sorry.. i think only help you ;-) – Mehdi Bugnard Dec 05 '12 at 08:35
1

dont be sorry Sire thanx for the help. i didnt downvote u.. – Dipesh Parmar Dec 05 '12 at 08:36

Store credit card detail into mysql database

3 Answers3