Encrypting a credit card number for database storage in c#

I want to encrypt credit card numbers I get from web surfers for storage in my sql server with c# and asp.net.

Where should I store the key? How should the system access the key when it wants to decrypt a number from a return visitor? If the key is stored in the database or web.config wouldn't that make for a not so secure system?
sethUSer420Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cookreCommented:
A simple way around that problem is to use a string (or portion thereof) already embedded in the code as the key.  Don't make a special key string, just use an error message, window title, or some such.  Anyone looking at plaintext strings in the executable won't give such strings a second thought.

Now, if they're willing and able to reverse engineer the executable, well, you'd be hard pressed to protect against that anyway.
0
mAjKoLCommented:
It is not very secure to include your key in the code. It should be extracted and used at runtime.
Read this:
http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/default.aspx

HTH
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
fulp02Commented:
Another Simple fix is if your customers are going to have accounts with you Use the users passwords
to encrypt the credit card number and experation date and CVV2 card code then when the returning
customers come back the key will be their password. That way the only people that can get their credit
card are them ! and you of course as long as you know their password .

Good luck with it man sounds very interesting let me know what happens
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
C#

From novice to tech pro — start learning today.