Advice on Storing Credit Card Information???

[RWX]

For my current project, my client need the ability to store credit card information for his customers. Customers pay for things over time, so the company needs to keep credit card numbers, expiration dates, etc. on file. I've never dealt with anything like this before and would appreciate any advice on the subject.

The system is networked and accessible via the Internet, so security is very important! Each user will have his/her own login (managed by FileMaker), but surely that isn't enough. How should I store these numbers? Is there a way to encrypt/decrypt them as needed? This is all new to me...so I'm all ears!

Thanks!!!

-Rob

[RalphL]

I would use one of the encription plug-ins.. Troi makes one and there is a free one.

See FileMaker site http://www.filemaker.com/plugins/

[transpower]

Cannot resist, Ralph: it's "encryption." If Rob gets FileMaker Server Advanced, he can encrypt his data using Secure Socket Layout (SSL).

[RWX]

Thanks RalphL and transpower. I'll look into both solutions...

-Rob

[DykstrL]

Just a sggestion, but for additional security of the customer's sensitive data, I would NOT store any of that data in a file on a machine with access via the internet. If you are collecting the data via a web page (hopefully a secured page) that data should be moved to a secure database inside your firewall as soon as the transaction is complete.

I would only store credit card data on the web accessible database in a format such as:

"************6789"

that gives just enough info to determine what card was used/referenced - NOT the complete number.