How to securely encrypt credit card information in a database

I have already read Saving Credit Card Information in a MySQL Database and Storing Credit Card Information .

I know that storing credit card information requires PCI compliance, which is not easy.

This is not the issue in question. My question is this:

What is a secure way to encrypt customers' credit cards? The simplest and easiest thing that comes to mind is to use a private key and encrypt the CC with it. This is not very secure, because the key must be stored on the server, and if an attacker can get my database, they can probably get the key too.

What I would like to do is to encrypt each CC using the user's password as part of the encryption process. If someone gets the database, they cannot decrypt anything, because passwords are stored as salted hashes. This is perfect for transactional purchases: the user clicks "Buy", enters their password as confirmation, I decrypt their CC and make the payment. Their password is held only in memory for the duration of the request and is never written to disk.

Unfortunately, this will not work for what I am trying to build: a service that charges a fixed fee at a fixed interval (say, once a month), regardless of whether the user is logged in when I need to make the charge.

Given this scenario, is there a safe way to store customers' CCs?

+6
6 answers

Since you need to decrypt, there is always a chance that the encryption keys will leak and you will lose everything. So you will never get absolute security, but you can make it more difficult to get at the data.

No one but you can judge what level of security (or obscurity) you should have. This is most likely a function of database size, visibility, etc.

As for leaks, unfortunately you have to assume that everything will leak sooner or later (for example, through brute force against weak passwords), so you have not gained much once that happens.

Consider the latest credit card leak scandals: the worst of them had the 3-digit CVV number stored together with the plain credit card number, which the credit card companies explicitly forbid (why would you ever need to enter it again if someone has your credit card on file?).

If you do not want to take responsibility for storing and processing such data, a good way to go is to use an external payment service: let them handle it and just tell you that the payment has been processed. You will have to pay them for their services, but you would also have to pay for implementing your own solution, plus the risk.

+3

If you use the password as a salt for the CC encryption, this will be a very effective way to protect the information, but the user will never be able to change their password... if it is changed, the encrypted data is lost. The essence of securing an encryption key is to make it as hard as possible to find... essentially, the more steps you use to hide the key, the harder it is for them to find it... which also means the harder it is for you to use it and program around it. There is no magic bullet at this time to protect everything. (Invent a safe way to keep the key, and you will be rich.)

As for the CVV number, it cannot be saved, as mentioned earlier. With each transaction, the CC processing company gives the merchant a reference number, which is then used for each recurring payment. This means that if the original transaction required a CVV number, the logic is that the recurring payment is also authorized by the same user who entered it in the first transaction. Therefore, recurring payments do not require the CVV to maintain the same level of security.

+3

You need the card information to be reversibly encrypted. The decryption information must come from somewhere. You said that it cannot come from the user, and you do not want it stored on the server, so it must be on separate equipment that is presumably more secure. And if you are able to retrieve this information, so is an attacker who has compromised your system. So the decryption information must never be retrieved onto the vulnerable node during decryption.

Perhaps consider a third-party service that you can encrypt and send the information to, ideally one that specializes in PCI compliance. It can decrypt the credit card information when you send it a second time and apply the charge, or it can actually store the card information for later use. It may even perform recurring transactions for you.

http://www.authorize.net/solutions/merchantsolutions/merchantservices/automatedrecurringbilling/

I just found them on Google; I am not recommending them. But this is an example.

0

You could use several servers. Encrypt the CC using a key, but keep that key on a separate encryption server, accessible only with a username and password for Windows or whatever other OS you use. That way you protect your key by setting up services on the encryption server that run the card through encryption and then send it to the database.

0

Use the PHP private/public-key openssl functions: when a user makes a purchase, use the data in memory to make the purchase, then store the information using the public key to encrypt it.

To process the monthly billing, you decrypt the data using the private key, which you can either transfer manually or keep in code. If you want to keep the SSL key in code and not have to remember or fetch it every time, I would encrypt the key using a salt stored in the configuration variables plus a YubiKey that generates a 32-character password, plus my own password on top of that. Keep the YubiKey in a safe place (a safe, lol). When you need to process the credit cards, do it with a script that runs in the background and runs all the billing at once. To change the password, you will need to decrypt all the cards and re-encrypt them with the new private/public key, or simply decrypt and re-encrypt the SSL private key.

Magic:)

0

Encrypt the CC information twice. First, encrypt the credit card information with a key based on the user's password (+ salt). Then encrypt the output of that with the server key.

To access the information, you need the user's password (i.e. decrypt with the server key, then decrypt with the password-based key). If the database and the server key are compromised, the information is still not exposed without first attacking the user's password.

It is important that the user's password is used for the inner encryption: this lets you re-encrypt when you change the server encryption keys.

When the user changes their password, you also re-encrypt the data. If the user resets their password, the CC information must be deleted (it is lost anyway, because it can no longer be decrypted).

0

Source: https://habr.com/ru/post/918151/
