Security issues when collecting and storing bank account details in php / mysql application

Question

Security issues when collecting and storing bank account details in php / mysql application

We were asked to explore the possibility of an application for collecting bank account numbers and sort codes and temporarily storing them for offline processing through a paperless direct debit system.

Data will be collected from site visitors through a 256-bit SSL connection and stored in the mySQL database for later collection by our client. This data will be temporarily stored until it is downloaded, after which it will be deleted from the database.

More: We host several other sites on this particular server. No one has shell access or FTP access to the server. Server is compatible with PCI Mod_security and other software running on the machine.

I know that this is very similar to this question Recommendations for storing banking information in a database , and appreciate that most of the answers should be clear.

I understand that the list of security considerations is potentially very large.

What specific areas of security should we focus on?

+5

security php mysql banking

Studio4 Aug 9 '11 at 13:57

source share

1 answer

mh. · Accepted Answer · 2011-08-09T15:07:32+0000

Use asymmetric encryption so that the data is encrypted before being inserted into the database, but you do not store the necessary key to decrypt the data on the server.

This key should only be stored on the client side, so it can decrypt it after retrieving it from your server.

- . MySQL, , MySQL . IP-, , , VPN .

openssl_* PHP.

, / .

Security issues when collecting and storing bank account details in php / mysql application

More articles: