Question

I am developing a shopping cart and if possible, would like to store:

Name, Billing Address, Zip Code

Into a MySQL database. This would be nice because returning customers wouldn't have to re-enter billing information each time they check out. I am not going to store any credit card data.

Would I be in violation of PCI standards by doing this?

Solution

PCI Compliance does not cover the storing of a customer's name, address etc. It deals with the handling of credit card data. From a PCI compliance perspective, as long as you store no more than the last 4 numbers of the credit card in plain text you should be fine to store the customer's billing information for use on a future visit.

Of course it has never hurt to be super security conscious and to store all customer information encrypted, but as long as you are not storing credit cards you should be fine to store customer name, address etc.

Other tips

I think you can encrypt and store them. Then you have to decrypt it before using. You can't show it decrypted anywhere.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow