I don't have any current systems that store credit card numbers but
I do have one site that requires encrypted data storage for private
information. For that I'm using the loopback encrypted filesystem
with the crypto kernel patch for the Linux 2.2.18 kernel.
I'd actually like to implement a system similar to what Philip Greenspun describes with a public and private key but in a slightly different way (unless a credit card processor can or already has been convinced to implement the public/private key method of handling credit card numbers).
My idea would require a separate machine that contacts the credit
card processor for a decision. A public and private key are
generated and the public key is stored only on the web server, the
private key only on the card processor server.
- The web server machine receives the order and stores the
encrypted credit card number using our public key.
- The web server machine triggers the credit card processor
machine to retrieve a decision
- The card processor machine decrypts the credit card number using
the private key and makes the SSL connection or whatever secure
means the credit card processor has set up and retrieves the
decision, storing it in the database
If an instant decision is required then some communication may be
required between the web server and the processor machine but that
can be limited to something like "get me a decision for order
#2341". "OK, I'm done with order #2341. Go check the database for
my decision".
The store we used to run a couple of years ago (discontinued for
reasons completely unrelated to security) used to store the credit
card numbers in plain text and depend on our wonderful security
elsewhere to keep them safe.
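The two-machine split described in the post, written up as an added example (not the poster's code, and not tied to any particular card processor). It assumes RSA-OAEP as the public-key scheme, two in-memory maps standing in for the shared database, and a Luhn check standing in for the card processor's real approve/decline call; the order number is bound into the ciphertext as the OAEP label so a stored ciphertext cannot be quietly reattached to another order. The web-server type holds only the public key, so nothing on that machine can recover the card number.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// StoredOrder is what the web server writes to its database: only ciphertext.
type StoredOrder struct {
	ID         int
	Ciphertext []byte
}

// WebServer holds the public key only; it can encrypt but never decrypt.
type WebServer struct {
	pub    *rsa.PublicKey
	orders map[int]*StoredOrder // stand-in for the order table
}

// ProcessorMachine holds the private key and writes decisions back to the database.
type ProcessorMachine struct {
	priv      *rsa.PrivateKey
	decisions map[int]string // stand-in for the decision table
}

// NewPair generates the key pair and hands each half to the machine that needs it.
func NewPair(bits int) (*WebServer, *ProcessorMachine, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	web := &WebServer{pub: &priv.PublicKey, orders: map[int]*StoredOrder{}}
	proc := &ProcessorMachine{priv: priv, decisions: map[int]string{}}
	return web, proc, nil
}

// orderLabel ties a ciphertext to one order number via the OAEP label.
func orderLabel(id int) []byte { return []byte(fmt.Sprintf("order#%d", id)) }

// ReceiveOrder encrypts the card number under the public key and stores the result.
func (w *WebServer) ReceiveOrder(id int, card string) (*StoredOrder, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, w.pub, []byte(card), orderLabel(id))
	if err != nil {
		return nil, err
	}
	o := &StoredOrder{ID: id, Ciphertext: ct}
	w.orders[id] = o
	return o, nil
}

// ContainsPlaintext checks that the stored record does not carry the digits verbatim.
func (o *StoredOrder) ContainsPlaintext(card string) bool {
	return bytes.Contains(o.Ciphertext, []byte(card))
}

// luhnValid stands in for the real card processor's decision (assumption).
func luhnValid(card string) bool {
	sum, double := 0, false
	for i := len(card) - 1; i >= 0; i-- {
		c := card[i]
		if c < '0' || c > '9' {
			return false
		}
		d := int(c - '0')
		if double {
			if d *= 2; d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return len(card) >= 12 && sum%10 == 0
}

// Decide decrypts with the private key, obtains a decision, records it, and
// wipes the plaintext; the card number is never written anywhere on this side.
func (p *ProcessorMachine) Decide(o *StoredOrder) (string, error) {
	card, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, o.Ciphertext, orderLabel(o.ID))
	if err != nil {
		return "", err // wrong key or ciphertext bound to a different order
	}
	defer func() {
		for i := range card {
			card[i] = 0
		}
	}()
	decision := "DECLINED"
	if luhnValid(string(card)) {
		decision = "APPROVED"
	}
	p.decisions[o.ID] = decision
	return decision, nil
}

// Decision is what the web server reads back: "go check the database for my decision".
func (p *ProcessorMachine) Decision(id int) (string, bool) {
	d, ok := p.decisions[id]
	return d, ok
}

func main() {
	web, proc, err := NewPair(2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample: a well-known Luhn-valid test number, not a real card.
	o, _ := web.ReceiveOrder(2341, "4111111111111111")
	fmt.Println("plaintext in stored record:", o.ContainsPlaintext("4111111111111111"))
	d, _ := proc.Decide(o)
	fmt.Println("decision for order #2341:", d)
}
```

The web server never sees the private key, so a compromise of that machine yields only ciphertexts; the processor machine deletes the plaintext as soon as the decision is recorded, and a ciphertext copied onto a different order number fails to decrypt because the label no longer matches.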