RE: Encryption of Credit Card files

Microsoft Applications Security
Posted by Ed on January 16, 2006, 2:52 pm

I'll echo Roger's comments. Aside from asking for product advice, it may be
worthwhile to review your architecture/goals.

Storing credit card information implies that it will be retrieved for future
use. Aside from normal retail operations like allowing customers to "save"
payment information for a quicker checkout process on a subsequent sale,
either by themselves online, or via telephone with a rep, the only other
probable use is for some data mining - but I don't think you need the entire
number to run reports based on credit cards.

On a large scale, say you have multiple "local" locations that run their own
localized sales/ops and then "batch" data into a central location (my guess
for your FTP need), the question still remains, what is the purpose for
including credit card information in such a batching process? I'll assume
this is just to allow the scenario I mentioned - allowing customers an
easier/faster experience on a subsequent sale, they may have bought an item
from Store A in CA, but can still have the same ease if they ordered through
your web site or call center in NY or anywhere. In this case, the question
which Roger already asked is, why FTP instead of a synchronized database? If
you are at this scale of operations, then it would only be fitting to have
the proper architecture for it.

-----------
Cheers,
Ed


"The Poster" wrote:

> G/Day Forum,
>
> We are working on complying with the Visa/MasterCard Payment Card Industry
> Data Security Standard (PCI DSS). As part of this we need to imply the
> following controls on the storage of credit card data:
>
> - to encrypt data at a folder level - that is all of the containing folders
>   and files
> - to allow for split knowledge of encryption keys and management thereof
> - to allow for strong encryption support (algorithms like 3DES, AES, etc)
> - a mechanism for automating the encryption process on a daily basis - this is
>   to coincide with a backup cycle (no clear text credit card files get backed up
>   onto tape)
>
> We are looking for a File/Folder encryption solution for a Windows 2000
> based file server (member of a Windows 2000 Domain) and a Windows 2003 based
> FTP Server (Standalone system), that will be used for storing Credit Card
> information.
>
> Your thoughts on any products that suit my requirements?
>
> Regards,
>
> Steve.
>
>
>
>
