Securely Storing Customer Details - DevHunters.com l Webmaster Forum - Web Advertising - Web Design

Lord_Webby · 10-08-2008, 09:39 AM

I am creating a site that will be used to hold information about customers and their credit cards. I will not be storing or processing PAN (Primary account numbers) in any way, so I know PCI-DSS (Payment Card Industry - Data Security Standards) do not apply. But does anyone know of any regulations regarding storing customer data in a database?

The Data Protection Act is a bit vague - I can't seem to find information regarding specifics. For instance, I've been told that if you are holding customer data it needs to be on a seperate server to the website. Is this true?

Does anyone know of any specific documents / standards regarding storing customer information entered through the web?

Any help would be appreciated. Thanks.

Hunter1 · 10-08-2008, 10:26 AM

I am trying to totally understand your question. Here are some thoughts:

1. Your database is only as secure as it was built from your script maker but someone that knows what they are looking at would have to look and address any types of potential Hack Dangers.

2. Does the script you are using have a setup for an SSL certificate?

Lord_Webby · 10-08-2008, 10:39 AM

Well, so far I have methods for securely writing to the database using PHP and encryption, the site will be hosted on one server with the database on another (both with firewall - database server only allowing connections on the MySQL port). The web server will be using an SSL certificate.

10-08-2008, 09:39 AM	#1 (permalink)
Lord_Webby New Hunter Join Date: Oct 2008 Posts: 2 Hunter Bux: 0 iTrader: (0)	Securely Storing Customer Details I am creating a site that will be used to hold information about customers and their credit cards. I will not be storing or processing PAN (Primary account numbers) in any way, so I know PCI-DSS (Payment Card Industry - Data Security Standards) do not apply. But does anyone know of any regulations regarding storing customer data in a database? The Data Protection Act is a bit vague - I can't seem to find information regarding specifics. For instance, I've been told that if you are holding customer data it needs to be on a seperate server to the website. Is this true? Does anyone know of any specific documents / standards regarding storing customer information entered through the web? Any help would be appreciated. Thanks.

10-08-2008, 10:26 AM	#2 (permalink)
Hunter1 Senior Staff 7up Pinball Champion! Baccarat Champion! Chingy Powerballin Champion! Join Date: Mar 2007 Location: Indiana USA Posts: 2,296 Hunter Bux: 18,026.33 iTrader: (9)	I am trying to totally understand your question. Here are some thoughts: 1. Your database is only as secure as it was built from your script maker but someone that knows what they are looking at would have to look and address any types of potential Hack Dangers. 2. Does the script you are using have a setup for an SSL certificate? __________________ l GuideHunters.com l Devhunters.net Directory l Web Directory l Be a star in The DevHunters Directory

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

10-08-2008, 10:39 AM	#3 (permalink)
Lord_Webby New Hunter Join Date: Oct 2008 Posts: 2 Hunter Bux: 0 iTrader: (0)	Well, so far I have methods for securely writing to the database using PHP and encryption, the site will be hosted on one server with the database on another (both with firewall - database server only allowing connections on the MySQL port). The web server will be using an SSL certificate.