
I have a client who is wanting to store uploaded images of customers' credit cards on the server.

Is there a best practices guide for preventing outside access to the images or protecting from an attack?

Currently using a few htaccess rules to prevent users from accessing the folder, but it doesn't feel very secure.

  • I want the name of that website to make sure I never ever go there. This must be by far the worst idea I've come across in quite some time. Storing cardholder data is subject to PCI-DSS, which is a bazillion times more strict than just putting htaccess "protection". In my opinion, try to convince your customer to stop this practice and if you fail, run away. Fast.
    – fvu
    Commented Jun 8, 2018 at 22:21
  • This might also be against the Visa/MC/Discover/etc. vendor agreements. It's a really bad idea!
    – Dave S
    Commented Jun 8, 2018 at 22:23
  • I will recommend they not proceed, but is there a good, safe, secure alternative? The company is not American based, so I don't know if that would have a bearing or not.
    – Robbie
    Commented Jun 8, 2018 at 22:33
  • I don't think the geographic location is that important. And the only really safe (and juridically acceptable) alternatives are either not storing these data, or going full PCI-DSS compliant.
    – fvu
    Commented Jun 8, 2018 at 22:37

1 Answer

  1. Storing actual images of credit cards is a terrible idea.
  2. Get legal help.

These are just minimum guidelines, not hard and fast rules that you can take into court.

At minimum the raw data would have to be encrypted. You're better off creating a database, and having the data transcribed or OCR'd into normal fields.

I am sure the PCI-DSS has guidance for what level and type of encryption is needed to protect the database.

A database is better because the actual data lives outside the reach of the web server. Then the PHP would have to give a secure username and password to access the data because it has to authenticate against the database.

The username and password would have to be manually entered by the end user or site administrator to access the data.

There is a lot of hardening you're going to have to do to make it acceptable.

Here is a starting point. https://security.stackexchange.com/questions/59520/how-to-store-credit-card-information-for-repeated-transactions-and-still-be-pci

Ask more questions in the security community at Stack Exchange.
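As an added illustration of the "transcribe into fields, encrypt, keep it out of the web root" approach the answer sketches (example code, not from the answer or the asker's project): the transcribed fields are sealed with libsodium before they reach the database, only the last four digits are stored in clear, and the key is supplied at runtime rather than sitting in a file the web server can read. It assumes PHP 7.3+ with ext-sodium, a hypothetical `CARD_DATA_KEY` environment variable, and a constructed in-memory SQLite table in place of the real database; it does not make the system PCI-DSS compliant on its own.

```php
<?php
// Added example, not code from the answer above. Assumes PHP >= 7.3 with ext-sodium.
declare(strict_types=1);

function card_key(): string {
    // Hypothetical: operator-supplied, hex-encoded 32-byte key injected at runtime,
    // never written to disk under the web root next to the data it protects.
    $hex = getenv('CARD_DATA_KEY');
    if ($hex === false || strlen($hex) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES * 2) {
        throw new RuntimeException('CARD_DATA_KEY missing or wrong length');
    }
    return sodium_hex2bin($hex);
}

function seal_card_fields(array $fields, string $key): array {
    // $fields is the transcribed/OCR'd data, e.g. ['pan' => '4111 1111 1111 1111', 'exp' => '12/29'].
    $pan   = preg_replace('/\D/', '', $fields['pan']);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per record
    $plain = json_encode(['pan' => $pan, 'exp' => $fields['exp']], JSON_THROW_ON_ERROR);
    $cipher = sodium_crypto_secretbox($plain, $nonce, $key);     // authenticated encryption
    sodium_memzero($plain);                                      // scrub plaintext from memory
    return [
        'last4' => substr($pan, -4),                 // only the displayable part stays in clear
        'blob'  => base64_encode($nonce . $cipher),  // nonce is public; store it with the ciphertext
    ];
}

function open_card_fields(string $blob, string $key): array {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new RuntimeException('malformed stored blob');
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) {
        // Wrong key or tampered ciphertext: refuse rather than return garbage.
        throw new RuntimeException('decryption failed');
    }
    return json_decode($plain, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed in-memory table standing in for the database outside the web server's reach.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE cards (id INTEGER PRIMARY KEY, last4 TEXT NOT NULL, blob TEXT NOT NULL)');
$key = card_key();
$row = seal_card_fields(['pan' => '4111 1111 1111 1111', 'exp' => '12/29'], $key); // constructed sample
$db->prepare('INSERT INTO cards (last4, blob) VALUES (?, ?)')->execute([$row['last4'], $row['blob']]);
$stored = $db->query('SELECT blob FROM cards WHERE id = 1')->fetchColumn();
var_dump(open_card_fields($stored, $key)['exp'] === '12/29'); // true when key and blob match
```

Run it with `CARD_DATA_KEY=$(php -r 'echo sodium_bin2hex(sodium_crypto_secretbox_keygen());') php example.php`; if the key is absent or altered, the script throws instead of silently exposing or mangling data.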
