There are major implications of storing such data, and in the UK there are
particularly stringent restrictions on how and where you can store such
data. I believe this goes as far as dictating hardware setup etc.
My advice would be to evaluate the reason why you are storing this information
and think about shifting this task to a dedicated payment gateway service.
These services are set up to ensure all legislation is covered and users'
personal data is protected. If you are storing data for delayed or repeat
billing, these services should be able to facilitate this.

I have in the past been asked by a number of clients to store this data so
they could process orders manually through a PDQ terminal... All to save
paying for a payment gateway.

Although the risk may seem small, just imagine the implications of someone
gaining access to your server. (This does happen.)

Alistair

2008/6/12 Dustin Whittle <[EMAIL PROTECTED]>:

>
> Also, see the dwCryptPlugin for a simple interface to mcrypt encryption.
>
> - Dustin
>
>
> On 6/12/08 2:33 PM, "Lee Bolding" <[EMAIL PROTECTED]> wrote:
>
> >
> > You may want to check this: http://en.wikipedia.org/wiki/PCI_DSS
> > before you go ahead and do that.
> >
> > "A company processing, storing, or transmitting payment card data must
> > be PCI DSS compliant or risk losing their ability to process credit
> > card payments and being audited and/or fined"
> >
> > I think you'll find that one-way functions are mandatory, and that
> > you're only ever allowed to store the last 4 card digits in plain.
> >
> > On 12 Jun 2008, at 22:02, Richtermeister wrote:
> >
> >>
> >> Thanks Mohammad,
> >>
> >> that is exactly what I was looking for!
> >> And another reason to get mcrypt working on my server ;)
> >>
> >> Thanks again,
> >> have a great day.
> >>
> >> Daniel
> >>
> >>
> >>
> >> On Jun 12, 1:37 pm, "Mohammad Ali Safari" <[EMAIL PROTECTED]>
> >> wrote:
> >>> Hi,
> >>> I use the methods in PHP mcrypt module.
> >>>
> >>> I have these two methods:
> >>>
> >>> // Encryption / decryption
> >>> public static function encrypt($string, $key){
> >>>   $cipher_alg = MCRYPT_RIJNDAEL_128;
> >>>   // Query the IV size for the mode actually used (CBC), and take the IV
> >>>   // from the OS random source; MCRYPT_RAND draws from rand()
> >>>   $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_CBC),
> >>>     MCRYPT_DEV_URANDOM);
> >>>   $encrypted_string = base64_encode(mcrypt_encrypt($cipher_alg, $key,
> >>>     $string, MCRYPT_MODE_CBC, $iv));
> >>>   $iv_encode = base64_encode($iv);
> >>>   // base64 output never contains '_', so it is a safe separator
> >>>   return $encrypted_string.'_'.$iv_encode;
> >>> }
> >>>
> >>> public static function decrypt($encrypted_string, $key){
> >>>   $cipher_alg = MCRYPT_RIJNDAEL_128;
> >>>   list($encrypted_string, $iv) = explode('_', $encrypted_string);
> >>>   $decrypted_string = mcrypt_decrypt($cipher_alg, $key,
> >>>     base64_decode($encrypted_string), MCRYPT_MODE_CBC,
> >>>     base64_decode($iv));
> >>>   // Strip the zero-byte padding mcrypt adds; stop at the start of the string
> >>>   $len = strlen($decrypted_string);
> >>>   $j = $len-1;
> >>>   while ($j >= 0 && $decrypted_string[$j] == "\0") $j--;
> >>>   $decrypted_string = substr($decrypted_string, 0, $j+1);
> >>>   return $decrypted_string;
> >>> }
> >>>
> >>> where $key is some fixed value stored in my app.yml file.
> >>>
> >>> --Mohammad
> >>>


-- 
Alistair Stead
Senior Interactive Developer

Mobile: +44 (0) 7788 107 333
Email: [EMAIL PROTECTED]
WWW: designdisclosure.com
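
Added example, not part of the original thread: a round trip equivalent to the quoted encrypt()/decrypt() pair, written with ext/openssl AES-256-GCM in place of mcrypt CBC because mcrypt was removed from PHP in 7.2, and keeping only the last four digits in plain as the quoted PCI DSS note says. The function names, record layout and test card number are constructed for illustration, and PHP 7.1+ is assumed.

```php
<?php
// Added example, not code from the thread. Assumes PHP >= 7.1 with ext/openssl.

function encrypt_field(string $plaintext, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be 32 raw bytes');
    }
    $nonce = random_bytes(12);   // fresh 96-bit nonce for every message
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);   // nonce and tag travel with the ciphertext
}

function decrypt_field(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                          substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {         // wrong key or modified data: the tag check fails
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Hypothetical record layout: last four digits in plain, full number encrypted.
function card_record(string $pan, string $key): array
{
    $digits = preg_replace('/\D/', '', $pan);
    return ['last4' => substr($digits, -4), 'pan_enc' => encrypt_field($digits, $key)];
}

$key = random_bytes(32);                          // constructed; a real key comes from protected config
$rec = card_record('4111 1111 1111 1111', $key);  // constructed test number
var_dump($rec['last4'], decrypt_field($rec['pan_enc'], $key));

$bad = base64_decode($rec['pan_enc']);
$bad[30] = chr(ord($bad[30]) ^ 1);                // flip one ciphertext bit
try {
    decrypt_field(base64_encode($bad), $key);     // must be rejected, not decrypted
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```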

