开发者

PCI compliance - storing billing data

I am developing a shopping cart and if possible, would like to store:

Name Billing Address Zip Code

Into a MySQL database. This would be nice because returning customers wouldn't have to re-enter billing information each time they check out. I am no开发者_开发百科t going to store any credit card data.

Would I be in violation of PCI standards by doing this?


PCI Compliance does not cover the storing of a customers Name, Address etc. It deals with the handling of credit card data. From a PCI compliance perspective as long as you store no more than the last 4 numbers of the credit card in plain text you should fine to store the customers billing information for use on a future visit.

Of course it has never hurt to be super security conscience and to store all customer information encrypted, but as long as you are noting storing credit cards you should be fine to store customer name, address etc.


I think you can encrypt and store them. Then you have to decrypt it before using. You can't show it decrypted anywhere.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜