Protecting Your Customers’ Credit Card Details From Hackers

Assuming you don’t want to use a payment provider (the simplest option, since the card details then never touch your own systems), there are a few steps you can take to protect your customers’ credit card details.
Don’t store details you don’t need to keep
If you do want to process the details yourself then safety is paramount. A single admitted breach could destroy your reputation, your website and your business. Once the card has been processed, why keep the details online at all? Consider archiving them offline and then deleting them from the database. Two caveats: the card security code (CVV) must never be stored after authorisation, online or off, and for as long as you hold full card numbers anywhere, an offline archive included, your business stays in scope for the PCI DSS.
Protect your data
Whilst those details are on your database, can you split them up? Keep the order and address data in one database and the card data in another, with separate passwords, userids and so on. Not just separate tables, different databases. That way a hacker has to get into both of your databases. Just in case that happens, tie the two parts of the data together with a hidden key. Giving both parts the same key makes life easy for everyone, the hacker included, but if the card record's key has to be calculated from the order's key, only those who know the calculation can match the two parts.
The calculation has to be one that cannot be worked out from the stored values themselves. Simple arithmetic is not enough: giving the order and address consecutive keys (1, 2, 3) and the card details a key made by adding a number and doubling (8, 10, 12) is a pattern a hacker will spot from a couple of rows. Use a keyed hash (an HMAC) of the order key instead, with the secret held in the application's configuration rather than in either database, so that someone who has dumped both databases still cannot line the rows up.
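The two-database split with a calculated link key, as an added example that is not part of the original article. It is written in Python; the secret value, the two in-memory dictionaries standing in for the two databases and the order records are all constructed for the example. The naive "add a number and double it" rule from the text is included only to show how an attacker recovers it from two leaked rows.

```python
import hashlib
import hmac

# Constructed secret for this example (assumption). In production it lives in the
# application's configuration or a secrets manager, never in either database, and
# it must stay stable across restarts or stored link keys stop resolving.
LINK_SECRET = bytes.fromhex(
    "4f7a1c9e2b8d6e3f5a0c7b9d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f"
)


def link_key(order_id: int, secret: bytes = LINK_SECRET) -> str:
    """Key under which the card record for `order_id` is stored.

    HMAC-SHA256 over the order id. Without `secret` the card database's keys look
    like random 64-character strings, so a dump of the card database cannot be
    matched against a dump of the orders database.
    """
    return hmac.new(secret, str(order_id).encode(), hashlib.sha256).hexdigest()


def naive_link_key(order_id: int) -> int:
    """The arithmetic scheme from the text: 1, 2, 3 -> 8, 10, 12.

    Shown only for contrast; a linear rule is recovered from two leaked rows.
    """
    return (order_id + 3) * 2


def recover_linear_rule(pairs):
    """Attacker's view: from two (order_id, card_key) pairs recover slope and offset."""
    (x1, y1), (x2, y2) = pairs[:2]
    slope = (y2 - y1) // (x2 - x1)
    return slope, y1 - slope * x1


# Two separate stores standing in for two separate databases (constructed data).
ORDERS_DB = {
    1: {"address": "1 Example Street"},
    2: {"address": "2 Example Street"},
    3: {"address": "3 Example Street"},
}
# Card records are keyed by the HMAC and the rows carry no order id at all.
# The payloads are placeholders for whatever encrypted card data is kept.
CARDS_DB = {link_key(i): {"card_blob": f"encrypted-card-record-{i}"} for i in ORDERS_DB}


def fetch_card(order_id: int, secret: bytes = LINK_SECRET):
    """Only code holding the secret can walk from an order to its card record."""
    return CARDS_DB.get(link_key(order_id, secret))
```

With the naive rule, `recover_linear_rule([(1, 8), (2, 10)])` hands the attacker `(2, 6)` and every other row follows; with the HMAC, `fetch_card(2, secret=b"wrong")` returns nothing, which is exactly the position an attacker holding both dumps but not the secret is in.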
Secure your admin
None of this helps if the hacker gets into your admin by discovering your passwords. Don’t store passwords in plain text. Don’t store them as a bare MD5 hash either: MD5 is fast and unsalted, so a stolen table of MD5 hashes is cracked with a precomputed lookup table in minutes. Store each password as a salted, deliberately slow hash (bcrypt, scrypt, Argon2 or PBKDF2 with a high iteration count), or do not store them on the database at all. Make sure that your database logon routines are well hidden and protected and can only be run from your website code.
Your admin should require a userid as well as a password, and you should be on the lookout for failed logon attempts. Lock the account or the source address out after a handful of failures and, at the very least, send yourself a warning email when there are a lot of them.
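Detection logic for the failed-logon warning, as an added Python example that is not part of the original article. The log line format and every line in the sample log are constructed for the example; counting is done per source address inside a sliding window, so an attacker cycling through userids is still caught.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format written by the admin logon routine (constructed for this example):
#   <ISO timestamp> admin-login <OK|FAIL> user=<userid> ip=<address>
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) admin-login (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample: one genuine typo by alice, a burst of guesses from 203.0.113.7
# trying several userids, one stray failure by bob, and a malformed line to skip.
SAMPLE_LOG = """\
2024-05-01T09:00:01 admin-login FAIL user=alice ip=198.51.100.4
2024-05-01T09:00:09 admin-login OK user=alice ip=198.51.100.4
2024-05-01T09:12:00 admin-login FAIL user=admin ip=203.0.113.7
2024-05-01T09:12:03 admin-login FAIL user=administrator ip=203.0.113.7
2024-05-01T09:12:07 admin-login FAIL user=root ip=203.0.113.7
2024-05-01T09:12:11 admin-login FAIL user=admin ip=203.0.113.7
this line is not a logon record
2024-05-01T09:12:15 admin-login FAIL user=sa ip=203.0.113.7
2024-05-01T09:12:20 admin-login FAIL user=admin ip=203.0.113.7
2024-05-01T10:30:00 admin-login FAIL user=bob ip=192.0.2.50
""".splitlines()


def parse_line(line):
    """Return a dict with ts (datetime), result, user, ip; None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window count of failed logons per source address.

    Returns {ip: {"count", "users", "first", "last"}} for every address that reached
    at least `threshold` failures inside a span of `window`. "users" lists every
    userid tried from that address; "count" is the window size when last updated.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> userids attempted from that address
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["result"] != "FAIL":
            continue
        ip, ts = rec["ip"], rec["ts"]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        users[ip].add(rec["user"])
        if len(q) >= threshold:
            alerts[ip] = {"count": len(q), "users": sorted(users[ip]),
                          "first": q[0], "last": ts}
    return alerts


def alert_body(alerts):
    """Body of the warning email the text recommends sending yourself."""
    out = []
    for ip, a in sorted(alerts.items()):
        out.append(
            f"{a['count']} failed admin logons from {ip} between "
            f"{a['first'].isoformat()} and {a['last'].isoformat()}; "
            f"userids tried: {', '.join(a['users'])}"
        )
    return "\n".join(out)
```

Run over `SAMPLE_LOG` with the defaults, only 203.0.113.7 trips the alert (six failures in twenty seconds across four userids); alice's single mistyped password and bob's lone failure stay below the threshold, which is the behaviour you want so the warning email means something when it arrives.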
Lastly, think about who you give access to. Do all of your staff need to see the financial details you are capturing, or just a couple of them? If some staff only need to sign on to update products, give them an account that allows just that and never shows them the card details.

