Somebody is storing credit card data - how are they doing it?

security encryption credit-card

If I was storing the number, I would be a giant service provider with a massive database. That database is spread across a highly-redundant storage array consisting of multiple cabinets, in separate rooms or ideally in separate geographical locations, connected by a SAN. My biggest insider threat is the distributed physical plant, the constant stream of worn-out drives, and several daily shifts of technicians, administrators, and engineers. It's a huge threat.

Therefore I would encrypt the data on a physically-isolated computer that connects to the mass storage over a network. The software would be as simple as possible: encryption and number verification. The public interfaces and business logic goes elsewhere. Accesses would be logged to a separate SAN.

Encrypt with something like AES. The raw AES key is only ever stored in RAM. The key is wrapped in a PGP file for each administrator, who has their own passphrase to enable the server. Less-trusted personnel can be given partial passphrases to use in disaster recovery, or passphrases can be stored in a vault somewhere. For encryption, pick a unique initialization vector (IV) for each card number, AES-encrypt the number using that IV, and store the IV and encrypted number to the SAN. Decryption only occurs using a privileged client interface; normal client connections used for purchases can never get a decryption.


For vendors to process and store your credit card info, they generally have to get PCI certified. The requirements should be outlined here. Some of the requirements are very straightforward, and others are vague and open to interpretation. Going through the process is not fun, and a company having the certification doesn't mean your data is safe.

But it's better than nothing I suppose.


It's quite easy to store a salted hash of a credit card number rather than the number itself for secure lookups. For 99% of the scenarios out there, this would be sufficient credit card for storage -- fast and very secure.

If you really need reversible encryption of a credit card for some scenario (continued billing, for example), I would go with a symmetric key stored in a secure location other than the database. It's been a while since I looked at PCI specs, but I'm fairly certain that's PCI compliant.

If you need fast lookups along with reversible encryption, use both options: a hash and an encryption.

Edit: There seems to be some controversy over my answer. I would like to point out the following very interesting essay from Integrity.com (PDF):

Hashing Credit Card Numbers: Unsafe Application Practices

It details many of the issues involved in storing a hash of credit card data, but its conclusion confirms my suggestion.

Yes, a raw hash of the card is not secure; that's why we salt our hashes! But a static salt is also not secure, they allow the creation of rainbow tables for known static salts. So it's best to make our salts vary in some way that is unpredictable. In the case of passwords, it's sufficient to use a separate, random hash for each password being checked; it can even reside in the same table/row as the hashed password. For the case of credit cards, this should be the same -- a random salt for each instance of the credit card being hashed. If the credit card number is stored per transaction, a separate salt for each transaction.

There are pros and cons to this approach, but it's sufficiently secure. The pros are the lack of key management; the salt and hash are right there, and don't need to change while still allowing for audit checks of the hash; e.g. does that credit card hash match this known credit card number?

The cons are in search; it's not possible to effectively search for a particular credit card number across many transactions.

Of course, you'll have this issue with external encryption anyway; unless the database is itself encrypted (something only some databases support), you won't be able to search very well. Even then, encrypting at the database or even the table level reduces search effectiveness significantly.

Related

For any $n$, is there a prime factor of $2^n-1$ which is not a factor of $2^m-1$ for $m < n$?
Eigenvalues and Eigenvectors of $2 \times 2$ Matrix
Is $L^2(\mathbb{R})$ with convolution a Banach Algebra?
Basic Taylor expansion question
Do Java sockets support full duplex?
How do you mathematically round a number?
What is the difference between all types of Markov Chains?
On the density of $C[0,1]$ in the space $L^{\infty}[0,1]$
Stirling number of the first kind: Proof of Recursion formula
Tensor Product of Vector Bundles
When linear combinations of independent random variables are still independent?
How to enable debug in slf4j Logger?