Should credit card numbers be stored as strings or ints?

Yeah... just thinking about it...

Should I store credit car开发者_开发知识库d numbers that have been input on my site as strings or ints?

I mean, they're made up of numbers which makes me think it's an int... but I don't do maths on them, so maybe a string is more appropriate?

EDIT: So I have to store the number that's been input at some point, before I encrypt it. I probably should have been more specific - it's not like I'm saving them in the DB in clear text or anything - glad to see how conscientious everyone is :)

Neither. You should save them, at very least, as byte arrays encrypted with AES or equivalent using industry-accepted key storage.

Windows provides a lot of this via the Data Protection API: http://msdn.microsoft.com/en-us/library/ms995355.aspx

For your own sake and the sake of your customers, please learn the proper standards for encrypting financial credentials or hire someone who knows them.

Given your edit:

C# has a SecureString class that you should use. I don't believe that there is a Java equivalent, but I could be wrong.

EDIT: For posterity's sake...

Guidelines for storage, transmission, and processing of credit card details are defined by PCI DSS (Data Security Standards). Anyone considering how to architect their solution for managing credit card data should read about that here, and consult an industry expert: https://www.pcisecuritystandards.org/

Credit card numbers would be a string, I'm not positive but i feel like some cards can start with a 0 and you wouldn't want to lose any of those leading zeros. Also, you should encrypt that. If not, a malicious user may be able to snag card numbers through cookies, packet sniffers, and other things.

note that

• range of int in java is -2147483648 until 2147483647 ( you can check it by print Integer.MAX_VALUE and Integer.MIN_VALUE)
• credit card number is having 16 digit of numbers.
• there is no need to do a calculation to a credit card number.
• you should not store credit card without encrypt it ( to avoid the number being stolen ). and usually the result of the encryption can contains alphanumeric.

Based on that facts, I believe String is more appropriate. ( BUT ENCRYPT FIRST )

You shouldn't store credit card numbers at all, ever as anything. If you are integrating with a payment provider pass the information straight to them, if you need to charge later they should be able to provide a token of some sort. Unless your servers are compliant you are probably breaking rules.

Credit card information (or any personal information that can be misused) should never be stored in its raw form (strings, integers, etc). Always encrypt it so that the information is protected in case your website is hacked.

Since it does not make sense to add or multiply credit card numbers, ints are not suitable. Use strings.

Before storing any credit card information get familiar with the requirements for PCI (Payment Card Industry) compliance. This covers how you can store the numbers, and how much of the number you can store. There are a number of other steps you need to take to secure your servers.