存储信用卡号码 - PCI?
什么是PCI规则遵循存储在数据库中的信用卡号码?
What are the PCI rules to follow for storing credit card numbers in a database?
1),这可以吗?
2)如果是这样,有什么规则我们必须遵循?
1) is this allowed? 2) if so, what rules do we have to follow?
进出口寻找在这个网站https://www.pcisecuritystandards.org/security_standards/index.php
我应该是哪个文件阅读在这里?
Im looking at this site https://www.pcisecuritystandards.org/security_standards/index.php which document should I be reading here?
1)是的,这是允许的,但的非常的气馁。在你的数据库信息让你一个非常有吸引力的目标黑客。如果你觉得你可以保护它,再想一想。黑客们击败企业的安全性具有优良的安全性。您的安全不会有任何改善。
1) Yes, it is allowed but very, very discouraged. Having this information in your database makes you an extremely attractive target for hackers. And if you think you can protect it, think again. Hackers have defeated the security of companies with excellent security. Your security won't be any better.
2)你必须遵循本指南概述的PCI规则。但你会发现本指南更容易理解。去14页,你需要知道的。基本上可以存储它,但它必须根据PCI标准进行加密。您的服务器和网络也必须是安全的。如果有任何一块拼图是不是符合PCI标准不能存储信用卡号码。这排除了大多数共享的托管公司作为解决方案。
2) You have to follow the PCI rules outlined in this guide. But you may find this guide easier to understand. Go to page 14 for what you need to know. Basically you can store it but it has to be encrypted according to PCI standards. Your server and network also must be secure. If any piece of the puzzle is not PCI compliant you cannot store the credit card numbers. That rules out most shared hosting companies as a solution.