Does anyone know how to mask a credit card number so that only the last 4 digits are shown?

    It is simple and correct to store the credit card info using some sort of encryption. Saving cleartext credit card info in your database is insecure and makes you a target for hackers. Encrypt the data for storage. Decrypt the data for display and show last four digits only. This is part of the requirements of Visa's CISP security standards.

      Better yet, use a payment service like Secpay that has the facility for repeat transactions built into their secure server. Even passing credit card details via your website is a no-no, let alone storing them there. And repeat transactions is the only possible reason I can think of for needing to store credit card numbers yourself.

      Be aware, if you are asking the user to enter their credit card number on a form that submits to your server and then passing the details to your payment provider, you are asking for trouble. If the wrong people spot it, you will come under attack. What you should be doing is using a service that allows you to upload your payment page to their server. They will have security experts on the staff whose sole job it is to stay one step ahead of the hackers.

      If you lose the right to process online transactions you could lose your business.

        From my experience, never EVER store credit card numbers - even encrypted ones. Why? Even if you encrypt them, your encryption code is still on the server so anyone with access to the server has access to the cards. Safest thing to do is just not store them and you have no worries.

        How do you handle the last four then? Well, you can store the last four. By themselves, they're meaningless.

        To set up re-occurring payments, check your credit card processor. They should have ways to re-bill your customer after X amount of time. This would be the safest way to go...

          Thank you all very much. I have a lot to chew on. You are right, Ramjet AstroTeg, that might be the best way to go. The processor does have all that info.

          Again, thank you for all the feedback. One last question: how do you mark the post as resolved?

            With the 'Mark Thread Resolved' link at the bottom of the page.
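
An added example, not part of any post in the thread: one way to follow the "store only the last four" advice is to extract the last four digits at entry time and build the masked display string from those alone. The function names, the Luhn check, the 12-19 digit length bound and the sample number (a constructed test value) are assumptions of this sketch.

```python
import re


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: catches typos before anything is kept."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def last_four(pan_input: str) -> str:
    """Validate user input and return only the last four digits.

    The full number is never returned, logged or stored by this function;
    the caller hands the full number to the payment processor and keeps
    only this value.
    """
    text = pan_input.strip()
    if not re.fullmatch(r"[0-9 \-]+", text):
        raise ValueError("card number may contain only digits, spaces, hyphens")
    digits = re.sub(r"[ \-]", "", text)
    if not 12 <= len(digits) <= 19:   # assumed bound for this sketch
        raise ValueError("unexpected card number length")
    if not luhn_ok(digits):
        raise ValueError("card number fails checksum")
    return digits[-4:]


def masked_display(last4: str, length: int = 16, mask_char: str = "*") -> str:
    """Build the display string from the stored last four, not the full number."""
    if not re.fullmatch(r"[0-9]{4}", last4):
        raise ValueError("last4 must be exactly four digits")
    if length < 4 or len(mask_char) != 1:
        raise ValueError("bad mask parameters")
    return mask_char * (length - 4) + last4


if __name__ == "__main__":
    kept = last_four("4111 1111 1111 1111")   # constructed test number
    print(masked_display(kept))
```
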
