
An e-commerce website uses a LAMP stack hosted on a single rack-mounted server located at a data center. On every transaction, credit card information is stored in the MySQL database at the data center.

For accounting purposes, transaction records (including credit card information) are transmitted in standard unencrypted formats, such as CSV or XML files, to the accounting server. At regular intervals, a batch job on the LAMP server pulls new transactions from the MySQL database and sends them via FTP to the accounting server.

Once the accounting is done, transaction records are immediately encrypted and stored in a database on some server.

The e-commerce company has identified several threats that they want to protect the credit card numbers from; these threats are:

  • Database administrator – A company employee with authorized access to the database could log in and pull down credit card information
  • Data center – A data center employee could pull the server out of the rack and take it, along with all the credit card data
  • Internet attacker – An attacker could potentially break into the system and steal the credit card information from the database
  • Internet attacker – The communication of the transaction data from the e-commerce server to the accounting server could be intercepted by an attacker

What is a single secure architecture solution that provides protection for the credit card numbers against all 4 threats mentioned above? Physical security is out of scope and I realize there are many other potential threats, but in this scenario, only the 4 above threats.

I came up with an encryption technique that can be done while transmitting or storing data. Not sure if that's the most appropriate or convincing answer for this question.

    Let me guess, homework question? We can help with homework, but you have to describe what work you have done to answer the question and what answers you came up with. We won't do your homework for you. – schroeder Feb 01 '17 at 18:25
  • @schroeder thanks for letting me know. I came up with encryption technique that can be done while transmitting or storing data – Learning Security Feb 01 '17 at 18:28
    why do you need to store the credit card number at all? – dandavis Feb 01 '17 at 20:10
  • @dandavis for batch processing, or think of it as some other PII (personally identifiable information), e.g. most websites like Amazon, eBay offer to save credit card info for future transactions – Learning Security Feb 01 '17 at 20:17
  • @LearningSecurity: encryption? Yeah, great, but where do you store the keys used for decryption? – symcbean Apr 03 '17 at 04:04

2 Answers


The easiest, cheapest, and most secure way to deal with credit card data and remain PCI compliant for a small business is not to deal with credit card data. Use a third party payment provider like Paypal, Stripe, Google Wallet, eWAY, Braintree, etc., so you don't have to deal with securing the credit card data. Many of these payment processors also have features for preauthorized transactions for future transactions and subscriptions.

Lie Ryan
  • Sure, third party payment provider option seems best but let say in this case we don't want to use third party or even third party has to somehow store them for future use. What and how does Amazon and other e-commerce sites store user credit cards? – Learning Security Feb 03 '17 at 15:32
  • They usually do that by using a payment processor, either a third party company or by spawning a subsidiary payment processor separate from their ecommerce business. For example eBay and PayPal, and Amazon and Amazon Payments. If you really want to process cards yourself, you're looking into reading the [PCI-DSS](https://www.pcisecuritystandards.org/pci_security/). Note that PCI-DSS specifies not just technical security but also how the business should be run, operational processes, and the like, because good security is rarely just about the software but mostly about the human part. – Lie Ryan Feb 04 '17 at 05:29
  • Architecturally speaking, the ways to secure things aren't that different between regular companies and payment companies. You use encryption in storage and transit, HSM, access control, making auditable logs, etc. It's the human processes like auditing those logs, key management practices, ensuring that you only keep what you need, regular security reviews, etc. that set apart good security practices from lip service. – Lie Ryan Feb 04 '17 at 05:37
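To make the "encryption in storage and transit, HSM, key management" point from the comments above concrete, here is an added example (not code from the question or from either answer) of the storage and export half of such an architecture: envelope encryption in Go, standard library only. Each card number is encrypted under a fresh per-record data key, and that data key is wrapped under a key-encryption key (KEK) held by a component the LAMP host, the MySQL database and the exported CSV/XML file never contain. The names KeyService, EncryptPAN and DecryptPAN are hypothetical, and the PAN 4111111111111111 in the usage note is a constructed test number.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Record is what the MySQL row and the CSV/XML export carry: no plaintext PAN.
type Record struct {
	Last4      string
	WrappedDEK []byte // per-record data key, encrypted under the KEK
	Ciphertext []byte // PAN under the data key: nonce || AES-256-GCM output
}

// KeyService (hypothetical name) stands in for an HSM or a separate key server
// that exposes only wrap/unwrap calls. The KEK exists only here.
type KeyService struct{ kek []byte }

func NewKeyService() (*KeyService, error) {
	kek, err := randomBytes(32)
	return &KeyService{kek: kek}, err
}

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := io.ReadFull(rand.Reader, b)
	return b, err
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || AES-256-GCM(plaintext), with a fresh nonce per call.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(gcm.NonceSize())
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; a wrong key or a modified blob fails authentication.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// EncryptPAN runs on the e-commerce server at checkout; the plaintext PAN is
// gone before the row reaches MySQL or the batch export.
func EncryptPAN(ks *KeyService, pan string) (Record, error) {
	if len(pan) < 4 {
		return Record{}, fmt.Errorf("PAN too short")
	}
	dek, err := randomBytes(32)
	if err != nil {
		return Record{}, err
	}
	ct, err := seal(dek, []byte(pan))
	if err != nil {
		return Record{}, err
	}
	wrapped, err := seal(ks.kek, dek) // the wrap call the key service would expose
	if err != nil {
		return Record{}, err
	}
	return Record{Last4: pan[len(pan)-4:], WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// DecryptPAN runs only on the accounting side, the one place that can reach the
// key service. A DBA, a thief with the server, or someone who intercepts the
// export holds Record but has nothing to unwrap the data key with.
func DecryptPAN(ks *KeyService, rec Record) (string, error) {
	dek, err := open(ks.kek, rec.WrappedDEK) // the unwrap call
	if err != nil {
		return "", fmt.Errorf("unwrap data key: %w", err)
	}
	pt, err := open(dek, rec.Ciphertext)
	if err != nil {
		return "", fmt.Errorf("decrypt PAN: %w", err)
	}
	return string(pt), nil
}
```

Usage: `rec, _ := EncryptPAN(ks, "4111111111111111")` on the web tier produces a row holding only `Last4` and two opaque blobs; `DecryptPAN(ks, rec)` on the accounting side returns the number, while `DecryptPAN` with any other `KeyService` (or a modified blob) fails authentication rather than returning garbage. Mapped onto the four threats in the question: the database administrator and the person who walks off with the server only ever have `Record` values; an attacker who reaches the database sees the same; and the batch export carries ciphertext, so interception yields nothing usable (FTP should still be replaced by SFTP or TLS, since the rest of the transaction record is also sensitive). The design only holds if the key service grants wrap to the web tier and unwrap to accounting alone, logs every call, and the KEK itself stays in the HSM or key server, which is the key-management practice the comment above is pointing at.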

Rather than an architecture change, consider a business process change by attempting to justify the need to store the credit card numbers at all.

user138080