16. When using any type of encryption, signature, or digest, is it better to try to do as much as you can yourself, or rely on libraries written and vetted for that purpose, why?
17. What does it mean to be PCI compliant?
18. Should credit card numbers be stored in a typical database? Why?
19. How can a web application with average security take credit card payments?
Solution
16. If you can't do that, use a high-level crypto library. Don't re-use the same key for both purposes. Try to avoid using
passwords as encryption keys. If you don't think that it is secure, you can rely on libraries.
17. The Payment Card Industry (PCI) applies to companies of any size that accept credit card payments. If your
company intends to accept card payment, and store, process and transmit cardholder data, you need to host your
data securely with a PCI compliant hosting provider.
18. First, storing credit card info should be optional. Otherwise, the data should be stored securely, using a strong form of
encryption, and you will want to set up database permissions so that applications and computers have access only on
a need-to-know basis. By doing this, the data can be stored safely in the database.
19. If the web application is known to be weak at taking secure credit card payments, it will tie up with third-party
payment applications that are more secure in the market; the portal hands off to that application at payment time,
so the payments are secured at all times.
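As an added example tying answers 16, 18 and 19 together (not code from the original page): instead of persisting an encrypted card number, the application keeps only the last four digits plus a keyed lookup token, hands the full number to the payment processor, and refuses any record that still carries a full PAN or CVV. It relies on the standard library's vetted `hmac`/`hashlib` rather than hand-rolled crypto; `LOOKUP_KEY`, the field names and the sample card number are constructed for the example.

```python
"""Added example: keep card data out of a typical database, PCI-style.
Only last4 + a keyed HMAC token are stored; the full PAN is never written."""
import hashlib
import hmac
import re
from dataclasses import dataclass

# Constructed 32-byte key for the example; real deployments pull it from a KMS/HSM.
LOOKUP_KEY = bytes(range(32))
FORBIDDEN_FIELDS = {"cvv", "cvc", "cvv2", "cid", "track1", "track2", "pin", "pan"}


def normalize_pan(pan: str) -> str:
    """Strip the spaces and dashes users type between digit groups."""
    return re.sub(r"[ -]", "", pan)


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check used by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, fold >9 to one digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def looks_like_pan(value: str) -> bool:
    digits = normalize_pan(value)
    return 13 <= len(digits) <= 19 and digits.isdigit() and luhn_ok(digits)


@dataclass(frozen=True)
class StoredCard:
    last4: str         # permitted to be stored and displayed under PCI DSS
    lookup_token: str  # HMAC-SHA256 of the PAN; unusable without LOOKUP_KEY


def tokenize(pan: str, key: bytes = LOOKUP_KEY) -> StoredCard:
    """Reduce a PAN to the only two fields we are willing to persist."""
    digits = normalize_pan(pan)
    if not looks_like_pan(digits):
        raise ValueError("not a valid card number")
    token = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()
    return StoredCard(last4=digits[-4:], lookup_token=token)


def safe_to_store(record: dict) -> bool:
    """Gate before any DB write: no CVV/track/PIN fields and no full PAN in any value."""
    if FORBIDDEN_FIELDS & {k.lower() for k in record}:
        return False
    return not any(isinstance(v, str) and looks_like_pan(v) for v in record.values())
```

The same token is produced whether or not the customer typed spaces, so it can serve as a stable lookup key for the processor-side record while the database itself holds nothing an attacker could charge against.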
