-Dman100- asked:

database security for storing online credit card information

Hi Experts,

I'm gathering some requirements for a new database that will serve for a .NET website that will accept online credit card applications for businesses.  It has been a while since I've worked with SQL Server and I'm trying to get prepared on what questions I need to address around designing this database.

There will need to be tables set up that keep track of the credit card approval process (all steps during its approval).
There will need to be the ability to differentiate between new account requests and adding a new cardholder to an existing account.  A different application will be required for both scenarios.
There will need to be the ability to attach large documents.

So, my first question, is what are the ways to secure the database?  I have a concern that if credit card information is going to be stored in a database that it needs to be secure.  What are the different options to secure that type of sensitive financial information?  What is the best approach?

It also seems that instead of storing large files in the database, that strong links to the files stored on the file system would be better and more secure?

I apologize for the general questions, but I'm just trying to get some guidance on what initial questions I should be thinking about in preparation for the actual design (structure) of the database.

Any guidance from a SQL Server guru would be immensely appreciated!!

Thank you!!
SOLUTION
HooKooDooKu

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.

ASKER

Thanks for everyone's input.  Using a third party company to handle all the security sounds like the safest option.  How does that exactly work?  For example, do they only maintain the card information and I would store some key in the SQL Database that would return all the credit card information for a specific account?  What is involved in linking the SQL Server database to a third party company?

Thanks for all the responses and help!
Regards.