Responsible Handling of Billing Information?

moving on asks: "I've been asked by a client to build a fee based subscription service using surepay as the vendor for processing credit card transactions. Subscribers to the service will be billed X amount per month and that is the rub. Surepay does not offer recurring billing so I will need to store credit card numbers and related info. The question is then, how does one best do this in the most responsible manner?" The trick here is giving consumers the service they have come to expect from most websites, without exposing their personal information to would-be thieves. Do you think such a system is possible?

Cart before the horse

[rhizome]

Why not use a billing service that supports the subscription model you want, rather than trying to find some minefield-laden path toward storing credit card info?

Internal Controls

[jayfoo2]

Absolutely key to securing financial data (or really any data) is the use of good internal controls.

Most technologists spend a lot of time securing their data from external attack (i.e. a cracker). This is important but it is not the most likely threat.

Well over half of all thefts of financial data are committed by employees/trusted users of the company. Sometimes by the people who maintain the system and sometimes by others.

You combat this two ways. First with technology, the system (in this case probably a database) that contains the data should be access controled. It is also a good idea (and required by visa/MC) to encrypt the data. Another thing to watch out for is that you are not putting the credit card data into any other places, i.e. log files. you need to physically control access to the hardware running the system. Finally watch out for your backup tapes/media, especially if they are stored offsite.

On the soft side you want to have good audit controls on the data. Whatever method is used to access the data should leave a record of it doing so in a manner that is hard to compromise. People who don't need access to that data should not be allowed near it. Finally you need to be able to trust the people with access to the sensitive data, depending on the level of sensitivity this could involve cursory or invasive background checks. Banks background check their employees rather carefully, and for a reason.

Re:Split up the CC#

[GigsVT]

That is the worst idea I have ever heard. Suppose you decide to store the latter half of the card number in a cookie, and some other site decides to store the beginning part in a cookie, using your method, bam plaintext credit card number on the user's computer, which is probably the least secure place for it to be stored in plaintext, since they probably have an open read-write SMB share hanging out from the latest MS worm.

This goes to show why it is very dangerous to "Ask Slashdot" about anything important or security related.