By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,972 Members | 1,115 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,972 IT Pros & Developers. It's quick & easy.

q; keep credit card data

P: n/a
Hello,
If I need to keep credit card data in my database, is there any site that
talks about the requirements need to be realized during SW development and
the liabilities for overall system development.

Sep 20 '06 #1
Share this Question
Share on Google+
5 Replies


P: n/a
Well you'd need to encrypt it at a minimum, but I would highly advise NOT
keeping complete credit card details in the database because there is no
such thing as 100% secure and I'm sure you'd rather not be liable.

--
I hope this helps,
Steve C. Orr
MCSD, MVP, CSM
http://SteveOrr.net
"JIM.H." <JI**@discussions.microsoft.comwrote in message
news:D2**********************************@microsof t.com...
Hello,
If I need to keep credit card data in my database, is there any site that
talks about the requirements need to be realized during SW development and
the liabilities for overall system development.

Sep 20 '06 #2

P: n/a
Hi Jim,

If you must keep credit card data (not recommended), be sure to check out
the ASP.NET 2.0 Internet Security Reference Implementation. It revised the
PetShop 4 sample to use security best practices:

http://www.gotdotnet.com/codegallery...4-12d5a13f22ff

Ken
Microsoft MVP [ASP.NET]

"JIM.H." <JI**@discussions.microsoft.comwrote in message
news:D2**********************************@microsof t.com...
Hello,
If I need to keep credit card data in my database, is there any site that
talks about the requirements need to be realized during SW development and
the liabilities for overall system development.

Sep 21 '06 #3

P: n/a
"JIM.H." <JI**@discussions.microsoft.comwrote in message
news:D2**********************************@microsof t.com...
If I need to keep credit card data in my database
In addition to what Steve and Ken have said, you also need to think about
the legal aspect of what you're doing. I don't know where in the world
you're based, but we in the UK certainly have very strict laws about holding
data such as this:
http://www.dataprotectioncenter.com/...ction_act_1998
Sep 21 '06 #4

P: n/a
Not sure of the exact time, I think 30 days, but there is a short limit on
how long you can store CC numbers, by US law.

-------------------------------------------------------------------------
"JIM.H." <JI**@discussions.microsoft.comwrote in message
news:D2**********************************@microsof t.com...
Hello,
If I need to keep credit card data in my database, is there any site that
talks about the requirements need to be realized during SW development and
the liabilities for overall system development.

Sep 23 '06 #5

P: n/a
"Windsun" <wi******@earthlink.netwrote in message
news:uW**************@TK2MSFTNGP04.phx.gbl...
Not sure of the exact time, I think 30 days, but there is a short limit on
how long you can store CC numbers, by US law.
So how do companies like Amazon, PayPal etc do it...?
Sep 23 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.