I am currently working on an ASP.NET 3.5 and C# web application which deals with users' secure information like credit card numbers. What are some of the security measures which I need to take from an application-development standpoint so that I can sleep peacefully at night :)

+3  A: 

If you process credit card numbers in your application, you have to follow the Payment Card Industry Data Security Standard:

The standard applies to all organizations which hold, process, or exchange cardholder information from any card branded with the logo of one of the card brands.

tangens
+2  A: 

Depends on your location and what you do with the credit card information. If you accept credit cards, you're going to need to be, at a minimum, PCI compliant. Search for "PCI Compliance" and you'll see there's a whole industry that's sprung up just to support organizations being able to be PCI compliant.

You may want to look at using third-party gateways for your credit card processing, which will reduce your overall exposure, and limit the amount of credit card information you store, and make sure you store it in a secure, compliant manner.

No matter what, you want to design this type of compliance from the start. Adding it on after the fact will cost you an order of magnitude more.

Robaticus
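The "use a gateway and store as little as possible" pattern from the answer above, as an added C# example (not code from either answerer). `IPaymentGateway` is a hypothetical stand-in for whatever tokenization API your provider offers; the point is that the application keeps only the gateway token, the last four digits and the expiry, never the full PAN or the CVV.

```csharp
using System;
using System.Linq;

// Hypothetical gateway interface: the real API depends on the provider you pick.
public interface IPaymentGateway
{
    // Sends the full PAN to the gateway over TLS and returns an opaque token.
    string Tokenize(string pan, int expMonth, int expYear);
}

// Only this record is persisted; it never contains the full PAN or the CVV.
public sealed class StoredCard
{
    public string GatewayToken { get; set; }
    public string Last4 { get; set; }
    public int ExpMonth { get; set; }
    public int ExpYear { get; set; }
}

public static class CardVault
{
    // Luhn check: rejects obvious typos before any data leaves the application.
    public static bool PassesLuhn(string digits)
    {
        if (string.IsNullOrEmpty(digits) || !digits.All(char.IsDigit)) return false;
        int sum = 0; bool doubleIt = false;
        for (int i = digits.Length - 1; i >= 0; i--)
        {
            int d = digits[i] - '0';
            if (doubleIt) { d *= 2; if (d > 9) d -= 9; }
            sum += d; doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }

    // Accepts the raw PAN from the request, hands it to the gateway, and returns
    // only the token plus non-sensitive fields. The PAN is never logged or stored.
    public static StoredCard Store(IPaymentGateway gateway, string pan, int expMonth, int expYear)
    {
        string digits = new string(pan.Where(char.IsDigit).ToArray());
        if (!PassesLuhn(digits)) throw new ArgumentException("Card number failed Luhn check");
        string token = gateway.Tokenize(digits, expMonth, expYear);
        return new StoredCard
        {
            GatewayToken = token,
            Last4 = digits.Substring(digits.Length - 4),
            ExpMonth = expMonth,
            ExpYear = expYear
        };
    }
}
```

Later charges are made by sending `GatewayToken` back to the provider, so a compromise of your database yields no usable card numbers and the in-scope footprint for PCI DSS is much smaller.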