Protect Credit Card numbers (Arev32)
At 15 AUG 2011 01:42:21PM James Foulkrod wrote:
How should I protect customer credit card numbers in AREV32?
At 15 AUG 2011 06:16PM [url=http://www.sprezzatura.com]The Sprezzatura Group[/url] wrote:
What jurisdiction do you fall under? Different countries have different requirements for encrypytion levels and in some countries you have to have your system certified before you can store card numbers. A good starting point is https://www.pcisecuritystandards.org/hardware_software/
World leaders in all things RevSoft
At 22 AUG 2011 03:57PM Eric wrote:
I'd use an ICONV/OCONV with a custom conversion.
If you're in a hurry, then you could start with base64encode(data) and base64decode(data). On top of that perform basic substitution of one letter for another. You could always swap the 4th/8th number etc on top of this.
Another way would be to use bitxor of each character in a key string against each corresponding character in the number string. Encrypt and decrypt are the same process.
You can also jumble the numeric data in among the name/expiry date info.