Customer Credit Card - Security Question
12/29/2010 12:40 PM
 

Payment Registration Module

1) Do your modules store customer "credit card numbers & info" in our tables?
2) If so, is it encrypted?
3) What are the steps we have to take to protect the data?

 
12/30/2010 12:45 PM
 

Yes, the module stores the credit card numbers. We have built and modified all our modules that process, store and transmit credit card information to be fully PCI compliant. We have implemented PCI standards regarding secure storage of data, strong access control, and other requirements.

  • Credit Card Encryption – All our modules store credit card numbers in the database using RSA 256-bit encryption, which is an approved encryption by PCI. In the cart there is the option to turn off the storage of credit card numbers.
  • Card Security Code – CVV/CID on the back of a credit card is collected from the user and sent to the payment gateway for authorization but is never stored in the database.
  • SSL – All our products fully support SSL.
  • Hack Proof – Our products have undergone rigorous testing validation for SQL injection and cross-site scripting to prevent unauthorized access to the database.
  • Sensitive customer data like passwords are encrypted using 256-bit encryption.
  • Our modules are programmed to prevent cross-site scripting and SQL injection attacks.


The following are PCI requirements that are specific to your installation and need to be followed in order for you to be PCI compliant:

  • In your web.config file connection string, use integrated SQL security instead of mixed. SQL Server integrated security is more secure.
  • Make sure permissions are locked down on SQL Server to the minimum required by your application.
  • Never use the SQL Server sa password.
  • The rest of the PCI requirements are related to hosting, network, Windows and SQL Server configuration and lockdown and other physical security requirements.

-Scott


Scott Kelly
Project Manager
DotNetNuke Consulting, DotNetNuke Store and DNN Ecommerce
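
The installation checks listed in the reply above (integrated security in the web.config connection string, no use of sa) can be audited with a short script. This is an added example, not part of the original posts or the vendor's code; the sample web.config fragments, server and database names are constructed, and it assumes simple `key=value;` connection strings without quoted values.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config fragments (not taken from any real site).
WEAK = """<configuration><connectionStrings>
  <add name="SiteSqlServer"
       connectionString="Server=db01;Database=dnn;User ID=sa;Password=example-only" />
</connectionStrings></configuration>"""

HARDENED = """<configuration><connectionStrings>
  <add name="SiteSqlServer"
       connectionString="Server=db01;Database=dnn;Integrated Security=True" />
</connectionStrings></configuration>"""

INTEGRATED_KEYS = {"integrated security", "trusted_connection"}
USER_KEYS = {"user id", "uid", "user"}
PASSWORD_KEYS = {"password", "pwd"}
TRUE_VALUES = {"true", "yes", "sspi"}


def parse_connection_string(value):
    """Split 'key=value;key=value' into a dict with lower-cased keys."""
    pairs = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")
            pairs[key.strip().lower()] = val.strip()
    return pairs


def audit_web_config(xml_text):
    """Return a list of (connection name, finding) tuples."""
    findings = []
    root = ET.fromstring(xml_text)
    for add in root.iter("add"):
        conn = add.get("connectionString")
        if conn is None:
            continue  # other <add> elements (appSettings etc.) are not connection strings
        name = add.get("name", "?")
        kv = parse_connection_string(conn)
        integrated = any(kv.get(k, "").lower() in TRUE_VALUES for k in INTEGRATED_KEYS)
        if not integrated:
            findings.append((name, "uses SQL (mixed-mode) login, not integrated security"))
        if any(kv.get(k, "").lower() == "sa" for k in USER_KEYS):
            findings.append((name, "connects as the sa account"))
        if any(k in kv for k in PASSWORD_KEYS):
            findings.append((name, "password stored in web.config"))
    return findings
```

Calling `audit_web_config` on the text of a site's web.config returns an empty list when every connection string uses integrated security with no embedded SQL login.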
 