Solved

Encrypting a credit card number for database storage in c#

Posted on 2004-09-25
3
1,579 Views
Last Modified: 2010-05-18
I want to encrypt credit card numbers I get from web surfers for storage in my sql server with c# and asp.net.

Where should I store the key? How should the system access the key when it wants to decrypt a number from a return visitor? If the key is stored in the database or web.config wouldn't that make for a not so secure system?
0
Comment
Question by:sethUSer420
3 Comments
 
LVL 22

Expert Comment

by:cookre
ID: 12151814
A simple way around that problem is to use a string (or portion thereof) already embedded in the code as the key.  Don't make a special key string, just use an error message, window title, or some such.  Anyone looking at plaintext strings in the executable won't give such strings a second thought.

Now, if they're willing and able to reverse engineer the executable, well, you'd be hard pressed to protect against that anyway.
0
 
LVL 3

Accepted Solution

by:
mAjKoL earned 500 total points
ID: 12152339
It is not very secure to include your key in the code. It should be extracted and used at runtime.
Read this:
http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/default.aspx

HTH
0
 
LVL 2

Expert Comment

by:fulp02
ID: 12154220
Another Simple fix is if your customers are going to have accounts with you Use the users passwords
to encrypt the credit card number and experation date and CVV2 card code then when the returning
customers come back the key will be their password. That way the only people that can get their credit
card are them ! and you of course as long as you know their password .

Good luck with it man sounds very interesting let me know what happens
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question