Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Encrypting a credit card number for database storage in c#

Posted on 2004-09-25
3
Medium Priority
?
1,686 Views
Last Modified: 2010-05-18
I want to encrypt credit card numbers I get from web surfers for storage in my sql server with c# and asp.net.

Where should I store the key? How should the system access the key when it wants to decrypt a number from a return visitor? If the key is stored in the database or web.config wouldn't that make for a not so secure system?
0
Comment
Question by:sethUSer420
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 22

Expert Comment

by:cookre
ID: 12151814
A simple way around that problem is to use a string (or portion thereof) already embedded in the code as the key.  Don't make a special key string, just use an error message, window title, or some such.  Anyone looking at plaintext strings in the executable won't give such strings a second thought.

Now, if they're willing and able to reverse engineer the executable, well, you'd be hard pressed to protect against that anyway.
0
 
LVL 3

Accepted Solution

by:
mAjKoL earned 1000 total points
ID: 12152339
It is not very secure to include your key in the code. It should be extracted and used at runtime.
Read this:
http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/default.aspx

HTH
0
 
LVL 2

Expert Comment

by:fulp02
ID: 12154220
Another Simple fix is if your customers are going to have accounts with you Use the users passwords
to encrypt the credit card number and experation date and CVV2 card code then when the returning
customers come back the key will be their password. That way the only people that can get their credit
card are them ! and you of course as long as you know their password .

Good luck with it man sounds very interesting let me know what happens
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
The online market is growing at an unprecedented rate and retail eCommerce sales are expected to reach $4 trillion by 2020. Yet, the profit is not just there for the taking because you have to set yourself apart from the competition.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question