database security for storing online credit card information
Posted on 2014-09-08
I'm gathering some requirements for a new database that will serve for a .NET website that will accept online credit card applications for businesses. It has been awhile since I've worked with SQL Server and I'm trying get prepared on the what questions I need to address around designing this database?
There will need to be tables setup that keep track of the credit card approval process (all steps during it's approval).
There will need to be the ability to differentiate between new account requests and adding a new cardholder to an existing account. A different application will be required for both scenarios.
There will need to be the ability to attach large documents.
So, my first question, is what are the ways to secure the database? I have a concern that if credit card information is going to be stored in a database that it needs to be secure. What are the different options to secure that type of sensitive financial information? What is the best approach?
It also seems that instead of storing large files in the database, that strong links to the files stored on the file system would be better and more secure?
I apologize for the general questions, but I'm just trying to get some guidance on what initial questions I should be thinking about in preparation for the actual design (structure) of the database.
Any guidance from a sql server guru would be immensely appreciated!!