如何在数据库中保存信用卡数据？ [英] How to save credit card data in a database?

问题描述

我正在处理一个需要存储整个信用卡号码的应用程序。这是否可以使用任何API？

我已阅读有关 Authorize.net 的客户付款资料选项，但是当您尝试检索该付款资料时，它只会提供最后4位数字。

我还检查了 Braintree 的 v.zero 提供前6位和最后4位数字的API，还有 Stripe 的客户创建选项，但它也只给最后4位数字。

如果没有API可用，存储信用卡号码的唯一方法是使用PCI DSS存储在内部。

解决方案

披露：我为条纹工作

是的，在内部存储客户卡信息的唯一方式是在符合PCI的系统中进行。任何存储它们的地方，以任何方式处理它们，必须符合PCI标准。

使用支付处理器（例如Stripe）获得的最大收益之一就是他们会为您（非常，令人难以置信的，可怕的）的PCI合规工作负责。作为承诺的一部分，他们不会发布他们不知疲倦地保持安全的信用卡详细信息。

如果您愿意通过严格审查您可以按照PCI兼容的方式收集和存储卡号，并使用Stripe的API创建卡[0]，然后进行收费。请注意，您必须以PCI方式使用Stripe的API，否则您将违反服务条款。

如果您能更充分地解释什么应用程序将使用存储的信用卡号码进行处理，也许有人可以提出一种替代方法，不需要在本地实际存储卡信息。

[0] a href =https://stripe.com/docs/api#create_card-source-number =nofollow> https://stripe.com/docs/api#create_card-source-number

I am working on an application in which it is required to store whole credit card numbers. Is this possible to do using any API?

I have read about Authorize.net's Customer Payment Profile option, but it gives only last 4 digits when you try to retrieve that payment profile.

I have also checked Braintree's v.zero API which gives first 6 and last 4 digits and also Stripe's customer creation option but it also gives only last 4 digits.

If there is no API available, the only way to store credit card numbers is to store those in house using PCI DSS??

解决方案

Disclosure: I work for Stripe

Yes, the ONLY way to store customer card information in-house is to do so in a PCI-compliant system. Any place you store them, and any way you handle them, MUST be PCI compliant.

One of the biggest gains from using a payment processor, like Stripe for example, is that they take care of the (very, incredibly, terrifyingly) hard work of PCI compliance for you. As part of that commitment, they're not going to release those credit card details that they work tirelessly to keep secure.

If you're willing to go through the rigors of becoming - and remaining - PCI compliant, you could collect and store the card numbers in a PCI-compliant way and use Stripe's API to create the card [0] and then make the charge. Do note that you MUST be PCI Compliant to make use of Stripe's API in this way, or you will be violating the Terms of Service.

If you can more fully explain what the application will be doing with the stored credit card numbers, maybe someone can suggest an alternative approach that doesn't require actually storing the card info locally.

[0] https://stripe.com/docs/api#create_card-source-number

这篇关于如何在数据库中保存信用卡数据？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！