将CreditCard信息存储到DataBase的最佳做法 [英] Best practices to store CreditCard information into DataBase

问题描述

在我的国家，网上付款不是一件旧事，去年我第一次看到一个网络应用程序直接向当地银行帐户支付款项。

In my country the online payments are not an old thing, the first time i saw a web application taking payments directly to a local bank account was last year.

我的问题是，将信用卡信息存储到数据库中的最佳做法是什么...

My question is, what are the best practices to store creditcard information into the database...

我有很多想法：加密信用卡，数据库安全限制等。

I have many ideas: encrypting the creditcard, database security restriction, etc.

你做了什么？

推荐答案

不要这样做

过多的风险，您通常需要进行外部审核，以确保您符合所有相关的当地法律和安全实践。

There is simply far too much risk involved, and you will typically need to be externally audited to ensure that you're complying with all the relevant local laws and security practises.

有很多第三为你做的那些公司，已经经历了所有的麻烦，确保他们的系统是安全的，他们遵守当地的法律等。我在过去使用过的一个例子是 authorize.net 。一些银行也有一些系统，你可以挂钩存储信用卡数据和处理付款。

There are many third-party companies that do it for you that have already gone through all trouble of making sure their system is secure, that they comply with local laws and so on. An example in the US that I have used in the past is authorize.net. Some banks also have systems that you can hook into to store credit card data and process payments.

我意识到你所在的国家可能没有严格的法律，美国，但在我看来，这不是滚动自己的借口。当你处理别人的钱时，风险太大了，不足以保证。

I realise the country you're in may not have as strict laws as the U.S., but in my opinion that's no excuse for rolling your own. When you're dealing with other people's money, the risk is just too much to warrant.

这篇关于将CreditCard信息存储到DataBase的最佳做法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！