[WEB SECURITY] PCI DSS Level 1 - Guidelines for Storing Credit Card Details?

Ed Bordin edbordin at gmail.com
Mon Feb 7 01:13:04 EST 2011

We have a web application running on Amazon AWS, which has recently
been upgraded to PCI DSS Level 1 compliance. We want to take advantage
of this and store credit card numbers on our host, but I'm having
trouble finding any guidelines on best practices. In particular, what
kind of encryption to use when storing the cards in the db, and what
measures to take to keep the encryption key safe. Can anyone help?
