Storing Credit Cards in FileMaker

[nscheffey]

Hey all-

My boss wants my newly created FileMaker Sales System to store the credit card info of our customers. Naturally, this makes me nervous. What is the common wisdom on this subject?

Is storing the number in a field and then guarding our FileMaker log-in passwords an acceptable level of security? Is there an additional level of encryption necessary (and is there even any encryption of the data in FileMaker)? Should we not store them at all?

Thanks in advance for any input,

Nate

Edited May 25, 2007 by Guest

[Fitch]

Some people will tell you not to store the cards at all. I say go ahead, but you should use encryption. We currently use the Troi Encryptor plugin. That way, even if someone is able to export the data, it will be scrambled and unusable.

[nscheffey]

Thanks for the reply Tom.

So using an encryption plug-in is the way to go? That's what I was thinking. But, correct me if I'm wrong, if a malicious user gains access to our FileMaker system they will be able to decrypt the credit card info (using the plug-in)? I.e., if they have our database file they will not be able to extract credit card info, but if they have the database and the password they will? I'm just trying to clarify the level of security here.

Thanks again,

Nate

[Bozkid]

I'm not sure I'd chance even that since liability includes fines and penalties that, I believe, begin at $50,000 per incident, i.e., each compromised credit card. This is one reason that the receipts that credit card machines print out now show only the last four digits of the card number. Storing the untruncated card number in a database is really unecessary and puts you and your business at risk. If you're not alreaady familiar with them, the PCI Data Security Standards are well worth checking out. See, for example, http://www.mastercard.com/us/wce/PDF/10171_MasterCard_Industry_Letter.pdf.

[Fitch]

...if a malicious user gains access to our FileMaker system they will be able to decrypt the credit card info (using the plug-in)? I.e., if they have our database file they will not be able to extract credit card info, but if they have the database and the password they will?

In our solution, the only way to decrypt the card numbers is one at a time. It also writes a history log every time a card number is accessed. No end-user has access to scripts so the only way someone could steal the list of card numbers would be to physically have access to the file in single user mode and hack the password, or if they somehow got access to the developer password. If your users have access to scripts then the security risk would be too great.

Storing the untruncated card number in a database is really unecessary and puts you and your business at risk. If you're not already familiar with them, the PCI Data Security Standards are well worth checking out.

Your point is well taken Bozkid, however if you have a need to do recurring billing then you don't have a lot of choice. We follow the guidelines below (quoted from your link, thank you for that).

Do not store the following under any circumstance:

– Full contents of any track from the magnetic stripe on the back of the card.

– Card-validation code—the three-digit value printed on the signature panel of a card.

Store only that portion of the customer’s account information that is essential to your business — i.e. name, account number or expiration date.

[Steven H. Blackwell]

If you don't have to store the card numbers, then don't. if you do, the encrypt thgem with a stong algorithm. And do not store the key in the file.

Steven