How do you securely store my credit card information?

Security practices we use to keep your information safe.

Zenutech staff studied encryption algorithms while earning their degrees in Computer Science and have an intimate understanding of the algorithms we use to protect your information. We use the latest, most secure encryption algorithms and processes for storing credit card information, referred to in the industry as cardholder data (CHD).

During the ordering process we encrypt your CHD using MySQL’s AES encryption functions. The Advanced Encryption Standard (AES) is a symmetric-key encryption algorithm used by the US Government and many other organizations around the world to secure sensitive information. For extra security, we remove all CHD for orders that have been inactive for more than 3 hours.
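The two steps described above (encrypting CHD with MySQL's AES functions, then removing it from orders inactive for more than 3 hours), as an added example that is not Zenutech's own code. The table, column, variable and event names are hypothetical, the key is a constructed placeholder, and the card number is a standard test number.

```sql
-- Added example, not Zenutech's schema: all names below are hypothetical.
CREATE TABLE pending_orders (
    order_id      INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    customer_id   INT UNSIGNED NOT NULL,
    chd_encrypted VARBINARY(255) NULL,   -- AES ciphertext only, never the plain card number
    last_activity DATETIME NOT NULL,
    KEY idx_last_activity (last_activity)
);

-- Assumption: the application supplies the key per session, so it is
-- never stored in the database next to the ciphertext.
-- Constructed placeholder value, not a real key.
SET @chd_key = UNHEX('000102030405060708090A0B0C0D0E0F');

-- Encrypt at write time. 4111111111111111 is a test card number.
INSERT INTO pending_orders (customer_id, chd_encrypted, last_activity)
VALUES (42, AES_ENCRYPT('4111111111111111', @chd_key), NOW());

-- Decrypt only at the moment the order is processed.
-- AES_DECRYPT returns NULL if the key is wrong or the data is corrupt.
SELECT order_id,
       CAST(AES_DECRYPT(chd_encrypted, @chd_key) AS CHAR) AS card_number
FROM pending_orders
WHERE order_id = LAST_INSERT_ID();

-- Remove CHD from orders that have been inactive for more than 3 hours.
-- The order row is kept; only the encrypted card data is cleared.
UPDATE pending_orders
SET chd_encrypted = NULL
WHERE chd_encrypted IS NOT NULL
  AND last_activity < NOW() - INTERVAL 3 HOUR;

-- Run the same purge on a schedule (requires the MySQL event scheduler
-- to be enabled: SET GLOBAL event_scheduler = ON).
CREATE EVENT purge_stale_chd
ON SCHEDULE EVERY 5 MINUTE
DO
  UPDATE pending_orders
  SET chd_encrypted = NULL
  WHERE chd_encrypted IS NOT NULL
    AND last_activity < NOW() - INTERVAL 3 HOUR;
```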

For long-term storage (automatic billing), we use the RSA public-key encryption algorithm to encrypt credit card numbers. With public-key encryption, your CHD is encrypted using the public key (stored on the server). Your CHD can then only be decrypted with the private key (stored offline, somewhere safe). When your invoice is due, an administrator logs into our system, enters the private key to decrypt your CHD, and processes your invoice. Only trusted members of our staff have access to the private key to decrypt your CHD.

Why are we telling you this? Wouldn’t it be safer to keep this information a secret? This is a well-known argument in the security industry, referred to as security through obscurity. Essentially, if an intruder gained access to our system, the information above would not help them decrypt your CHD. We’ve also taken additional measures, not described above, that add confusion to our encryption/decryption processes for an intruder. It is important to us that you understand that we are using proven practices to keep your information safe.

If you have any questions about how we protect your information, don’t hesitate to contact us.

Posted 2011-01-09 in Account Management