Protect Credit Card Information Using Encryption

Credit card information is of special concern to enterprise architects as these data are usually the most vulnerable. Ideally, the protection of credit card information starts with the protection of the entry point into your organization. This may be a Web site, which should be protected using Secure Sockets Layer (SSL). For one-time transactions, the credit card information should never be stored. Instead, it is preferable to pass this information to the payment gateway (provided by a bank) that the enterprise uses. Every transport used between systems should also support some form of encryption.

At times, it is preferable to allow applications to process recurring charges that mandate storing credit card information. In this situation, it becomes mandatory to encrypt the credit card number in the database. Likewise, related personal information, such as name and address, should be stored in a database separate from the one that holds credit card information. To further increase the security of the data, consider using separate user IDs and passwords for the database that stores personal information and the database that stores credit card information. Ideally, neither database should use default database passwords.
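The stored-card case above, as an added sketch that is not code from the book: the card number is encrypted before it reaches the card store, and that store holds nothing but an opaque customer ID and ciphertext. The choice of Go and AES-256-GCM, the `cardVault` type and the in-memory map standing in for the card database are all assumptions made for illustration; the text names no cipher or schema.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type cardVault struct {
	aead cipher.AEAD
	rows map[string][]byte // card database stand-in: customerID -> nonce || ciphertext || tag
}

func newCardVault(key []byte) (*cardVault, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &cardVault{aead: aead, rows: map[string][]byte{}}, err
}

// Store encrypts under a fresh nonce and binds the row to its customer ID as associated data.
func (v *cardVault) Store(customerID, pan string) error {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	v.rows[customerID] = v.aead.Seal(nonce, nonce, []byte(pan), []byte(customerID))
	return nil
}

// Load decrypts for a recurring charge; a tampered or transplanted row returns an error.
func (v *cardVault) Load(customerID string) (string, error) {
	row, n := v.rows[customerID], v.aead.NonceSize()
	if len(row) < n {
		return "", fmt.Errorf("no card on file for %s", customerID)
	}
	pt, err := v.aead.Open(nil, row[:n], row[n:], []byte(customerID))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real key lives in a key store, not the database
	rand.Read(key)
	v, _ := newCardVault(key)
	v.Store("cust-1001", "4111111111111111") // constructed test card number
	fmt.Println(v.Load("cust-1001"))
}
```

Name and address records would sit in the other database under the same customer ID, reached with different credentials, so neither store alone yields a usable card record.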



A Practical Guide to Enterprise Architecture
ISBN: 0131412752
Year: 2005
Pages: 148
