将信用卡信息存储到数据库中的最佳实践

在我的国家,在线支付并不是一件古老的事情,去年我第一次看到一个网络应用程序直接向当地银行账户付款.

In my country the online payments are not an old thing, the first time i saw a web application taking payments directly to a local bank account was last year.

所以,我是一个新手编码网络支付系统.

So, Im a newbie coding web payment system.

我的问题是,将信用卡信息存储到数据库中的最佳做法是什么...

My question is, what are the best practices to store creditcard information into the database...

我有很多想法:信用卡加密、数据库安全限制等

I have many ideas: encrypting the creditcard, database security restriction, etc.

你做了什么?

推荐答案

不要这样做

所涉及的风险实在是太大了,您通常需要接受外部审计,以确保您遵守所有相关的当地法律和安全惯例.

There is simply far too much risk involved, and you will typically need to be externally audited to ensure that you're complying with all the relevant local laws and security practises.

有许多第三方公司为您做这件事,他们已经竭尽全力确保他们的系统安全、遵守当地法律等等.我过去在美国使用的一个例子是 authorize.net.一些银行也有系统,您可以连接到这些系统来存储信用卡数据和处理付款.

There are many third-party companies that do it for you that have already gone through all trouble of making sure their system is secure, that they comply with local laws and so on. An example in the US that I have used in the past is authorize.net. Some banks also have systems that you can hook into to store credit card data and process payments.

我意识到您所在的国家/地区的法律可能没有美国那么严格,但在我看来,这不是您自己动手的借口.当你处理别人的钱时,风险太大了.

I realise the country you're in may not have as strict laws as the U.S., but in my opinion that's no excuse for rolling your own. When you're dealing with other people's money, the risk is just too much to warrant.

相关文章