# Encrypting credit card numbers..

## chatgris

I've got to store credit card numbers in an online database..  in the event of the server being breached I'd really like to encrypt the cc numbers..

I was wondering, what would you guys recommend for some sort of two way encryption that would allow me to crypt and decrypt the contents as needed?

Currently I've only used md5, but that's no good for automated billing..

Josh.

----------

## mglauche

Don't ever store credit card numbers in an online database. Best is not to store them at all. There were numerous examples in the past when ppl did get massive amounts of cc numbers by hacking into supposedly secure servers... (also look/ask up the cc vendors' usage details, what THEY say about storing cc numbers, just to cover your ass  :Wink: )

Having said that, *IF* you still want to store them, use an asymmetric (read: public key) cipher, like RSA or ElGamal, then use the public key to encrypt these files and *NEVER* have the private key on the online machine ...

md5 is a one way hash function, that is good for re-validating cc's. (as it's highly unlikely that 2 different strings have the same md5 sum ..)

----------

## chatgris

Well, I have to store them for automated billing..

If you can figure out a way to do automated billing without storing cc numbers, I'd like to know =)

Josh.

----------

## klieber

*chatgris wrote:*

> I was wondering, what would you guys recommend for some sort of two way encryption that would allow me to crypt and decrypt the contents as needed?

3DES, AES or IDEA seem to be the standards these days.  

However, you shouldn't rely upon encryption to protect the credit card numbers -- you should be relying upon multiple levels of security, such as firewalls, encrypted file systems, hardened operating systems and anything else you can think of.  Encryption won't buy you much as an exclusive means of protecting your data.

By relying upon encryption only, the character set of the plain text is going to be a) relatively small (0-9) and b) very easy to guess since anyone who gains access to the data will likely know that they are credit card numbers.  Not only that, but the attacker will also know what length each of the plain text datums are since most credit card numbers are 16 characters long.  If that isn't bad enough, the algorithm for creating credit card numbers is widely known, (mod 10, IIRC) so with a little care and a few Athlon MP workstations, your data starts becoming susceptible to brute force attacks.

As the other poster said, don't store the cc numbers.  If you have to do it, don't rely upon encryption as your sole means of defense.

*Quote:*

> Currently I've only used md5, but that's no good for automated billing..

Again, because of the known quantities about your data, md5 hashing is of limited usefulness as well.

--kurt
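
An added example, not part of the original post: it measures how much the mod 10 (Luhn) check and known digits shrink the set of possible card numbers, and puts a bare MD5 fingerprint beside a keyed one for re-validation. HMAC-SHA256 is a technique swapped in here and not named in the thread; the function names and the sample number (a public test number) are assumptions.

```python
import hashlib
import hmac
from itertools import product

def luhn_valid(number: str) -> bool:
    """The 'mod 10' check: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_candidates(prefix: str, suffix: str, length: int = 16) -> int:
    """Count Luhn-valid numbers of `length` digits whose ends are known.

    With u unknown digits the answer is always 10**(u - 1): the check
    digit removes one full digit of uncertainty.
    """
    unknown = length - len(prefix) - len(suffix)
    return sum(
        luhn_valid(prefix + "".join(mid) + suffix)
        for mid in product("0123456789", repeat=unknown)
    )

def unkeyed_fingerprint(pan: str) -> str:
    """Bare MD5: anyone holding the database can recompute it per candidate."""
    return hashlib.md5(pan.encode()).hexdigest()

def keyed_fingerprint(pan: str, key: bytes) -> str:
    """HMAC-SHA256: useless for guessing without the key, which is
    assumed to be stored away from the database host."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

if __name__ == "__main__":
    sample = "4111111111111111"  # constructed input: public test number
    print(luhn_valid(sample))
    print(count_candidates("411111111", "1111"))  # 3 unknown digits
    print(unkeyed_fingerprint(sample))
    print(keyed_fingerprint(sample, b"constructed-demo-key"))
```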

----------

## bcavalieri

Each time you reuse a key, the encryption weakens, so if you use AES, 3DES, etc ... you would need to use a new key with each credit card.  Which also means that you would need to store the key (which is also a security risk).

I use AES to store the cc, and then RSA to store the unique keys.  You could just use RSA for the whole thing, but I felt like making it a little more work if someone were to get my database.

-Bill
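
An added example, not part of the original post: the scheme described above (a unique AES key per card, stored under RSA) combined with mglauche's rule that the private key never sits on the online machine. It assumes the Python `cryptography` package; AES-GCM, OAEP padding, the function names and the sample record are choices made for this example.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal_card(public_key, pan: str, customer_id: str) -> dict:
    """Runs on the online server, which holds only the RSA public key."""
    data_key = AESGCM.generate_key(bit_length=256)  # fresh key per card
    nonce = os.urandom(12)
    # customer_id is bound as associated data, so a record copied onto
    # another customer's row fails authentication on decrypt.
    ciphertext = AESGCM(data_key).encrypt(
        nonce, pan.encode(), customer_id.encode())
    return {
        "customer_id": customer_id,
        "wrapped_key": public_key.encrypt(data_key, OAEP),
        "nonce": nonce,
        "ciphertext": ciphertext,
    }

def open_card(private_key, record: dict) -> str:
    """Runs only on the billing host that holds the private key."""
    data_key = private_key.decrypt(record["wrapped_key"], OAEP)
    pan = AESGCM(data_key).decrypt(
        record["nonce"], record["ciphertext"],
        record["customer_id"].encode())
    return pan.decode()

def demo():
    # Constructed demo: in practice the key pair is generated on the
    # offline host and only the public half is copied to the web server.
    private_key = rsa.generate_private_key(public_exponent=65537,
                                           key_size=2048)
    record = seal_card(private_key.public_key(),
                       "4111111111111111", "cust-42")  # public test number
    return private_key, record

if __name__ == "__main__":
    priv, rec = demo()
    print(open_card(priv, rec))
```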

----------

## chatgris

Thanks a lot for your help..  I'll search google for those terms and see if I can find a library for that.

Also yes, I do not plan on having encryption be my last defense, however, I do feel much better knowing that the cc cards are encrypted should someone hack into the server cause it will at least give me time to notify the proper authorities before the cc numbers are all broken =)

Josh.

----------

## zerogeny

You should only temporarily store them anyway (shouldn't you?  :Razz: ) once the transaction is done the number should be deleted.

----------

## chatgris

nope, it's automated billing...

As in they are billed once a month automatically.

----------

## theclaus

I used to work for a company that was in the credit card business and one way we used to do it was to take the credit card processing server off the internet and not even associate it with an internet IP.  Then we had one directory that was open to the online server that the credit card server would poll.  Once it would receive the file it would delete it and put the auth file in its place.  The online server would take that file and display it back to the user.  For automatic billing we would have the database server which wasn't on the internet at all generate a batch file for each month's transactions and send them to the directory.  The software would pick it up and delete the file.  Then it would transmit the auth codes back and the database would poll for that file and import the auths back into the database fields.  Okay that is enough and I am sure people will say that isn't safe but if you can keep the computer off the internet and block all outside traffic so that only certain IPs can hit it you should be a bit safer.  Definitely though take the database server offline.  Doesn't need to be online at all.

----------

