securing sensitive info ( SS number, credit card number, etc) on an on-line member application form
Application security, Exchange, Instant Messaging, Encryption, Database, secure coding, Web security, access control, Browsers, SSL/TLS, filtering, Servers, Web site design & management
My client (a University Club) wants an on-line membership application form. Right now the form contains name, address, age, social security number, credit card number, and telephone number + a bunch of other information.The Club administrator is going to get the data and enter the information into her access database on her PC in the office.
My question is how to best secure the sensitive data, but still get the information from the prospective member's browser to the club administrator?
Are there any good ways to do this other than below:
1)Send the application form to her without the sensitive data and have her call the applicant to get the address, telephone number, SS # and Credit Card #. This seems like it is the absolutely best way to be totlally secure. This way I also don't need the expense of SSL. It's a two step process and a pain but safe.
Everything I have read says do not keep sensitive data on the web server in any form (in a mySQL database or an encrypted file).
The web server is Linux and I can use MySQL and PHP. But I am very leary of keeping the Social Security number and the credit card info on the server for any length of time - even if is for only a few days.
Any advice would be appriciated. As you might tell, I do not have much experience in securing sensitive data.
Regards,
Bill Schaepe
0
