I'm building an application that accepts credit card orders, but does not programatically authorize payments. Instead, an administrator MUST review each order and manually type their information into a payment gateway to complete the payment (their decision, not mine). I'm wondering what the best way to store (even if it is temporary) their information and deliver it to the admin.

Is it OK to email this sort of information unencrypted? If I encrypt the information, what is the best way to serve it to them through an admin panel without risk?

开发者_运维百科And please don't tell me to Google "PCI Compliance".

NO

What if there are viruses on the receiving computer? What if there is a packet sniffer near by (unlikely, but still...). Why would you want to send such volatile information in an email anyway? Wouldn't the card holder know the numbers on their own card? I suppose if you wanted to say "you have [this] card", only send the last four digits of the number, for example "Visa Debit ending in 1234" or "Solo, expiring 7/15".

Short : No good ways. Let's make it clear:

NO. GOOD. WAYS. NONE. ZERO. NADA. EVER.

Long : You can only place as many hurdles you can between a potential hacker and these datas.

• Any pages where the Credit Card informations are inputed or displayed must use HTTPS. That's the real minimum, or anyone with a network sniffer would get these credentials.
• Store these credentials in your DB encrypted, using a strong algorithm : RSA, Blowfish.
• Keep the key of the encryption in a "safe" place. This is the weakest point : your script needs it to decypher the informations when you display it on an admin panel. So put it in a file with minimal access right (e.g. linux octal rights set to 400, with ownership to specialuser:specialgroup).
• Don't give a password to this user and to the root , set SSH login with only SSH key.
• Be paranoïd : change the user password everyday, decypher the datas and change the key every day or less.

Edit:

In fact the weakest point would be the user's computer. But when he'll be charged for $10,000 of cocaïne and kalashnikov, he'll say

I'm sure this website where I gave my credentials was hacked. I'll never bought form them again

No - it's not secure.

Even if you encrypt the emails, I wouldn't buy anything from you. But then again, I'm not much more likely to buy stuff from you even if you only ship the data over HTTPS - I only give my cc number to companies I can reasonably trust (Google, Worldpay, Paypal, Sagepay, Netbanx...)