How best to process store Credit Card data (C#/ASP.NET/SS2005)

FredZimmerman · Aug 16, 2007

I have an application that is running ASP.NET and C# code-behind on a
secure web server (at ISP).

I want to have users enter credit card numbers (hidden or masked of
course), and pass this string to a SQL Server 2005 back-end.

I'll likely use Asymmetric keys to store the number encryped in SQL
Server table.

I'd like to see a tutorial on best, most secure way to do this.

I know there are different options (HTTPS, encrypting string on web
app side then passing over the wire, etc.)

I want to keep application code straight forward. I can use a third
party library if I can get open license to use it in this commercial
client application, if one is available and inexpensive. Otherwise I
can do it custom myself.

Thanks.

FZ (Atlanta)

Gord Tanner · Aug 16, 2007

Not really a direct answer to your question, but here are a couple of
good free courses that talk about application security and how do
design/develop with security in mind:

Microsoft Security Guidance Training for Developers:
https://www.microsoftelearning.com/eLearning/offerDetail.aspx?offerPriceId=127135
Microsoft Security Guidance Training for Developers II:
https://www.microsoftelearning.com/eLearning/offerDetail.aspx?offerPriceId=127163

=?ISO-8859-1?Q?Arne_Vajh=F8j?= · Aug 17, 2007

I have an application that is running ASP.NET and C# code-behind on a
secure web server (at ISP).

I want to have users enter credit card numbers (hidden or masked of
course), and pass this string to a SQL Server 2005 back-end.

I'll likely use Asymmetric keys to store the number encryped in SQL
Server table.

I'd like to see a tutorial on best, most secure way to do this.

I know there are different options (HTTPS, encrypting string on web
app side then passing over the wire, etc.)

I want to keep application code straight forward. I can use a third
party library if I can get open license to use it in this commercial
client application, if one is available and inexpensive. Otherwise I
can do it custom myself.

http://en.wikipedia.org/wiki/PCI_DSS

Arne

c# asp.net credit card processing	4	Oct 18, 2005
OnePlus January 19 Credit Card Security Update: up to 40k customers may be affected	2	Jan 20, 2018
Pass SecureString value to SQLS Stored Procedure	1	Aug 30, 2007
How to pass an html td onclick event value in wcf service url forkendo ui in asp.net application?	0	Feb 2, 2015
Stored Procedures or Web services	3	Apr 30, 2008
Encrypt/Decrypt Credit Card Data	7	Jun 25, 2009
q; Keeping Credit Card in the database	4	Jul 11, 2007
ASP.NET 2.0 SqlDataSource and SQL 2005 Express Application Role	1	Aug 14, 2008

How best to process store Credit Card data (C#/ASP.NET/SS2005)

FredZimmerman

Gord Tanner

=?ISO-8859-1?Q?Arne_Vajh=F8j?=

Ask a Question

Similar Threads