Storing Credit Card Info

What would be a secure way to store credit card information?

Some people say that a salted base64_encode() is secure, but I seem to feel that that isn't as secure.

I thought that using Mcrypt would be a better way.

Any thoughts on this?

What would be a secure way to store credit card information?

 

Some people say that a salted base64_encode() is secure, but I seem to feel that that isn't as secure.

 

I thought that using Mcrypt would be a better way.

 

Any thoughts on this?

To be honest, I'm not sure.  I think it depends on your country's/state's laws.  Online credit card security is generally a can of worms an independent developer probably shouldn't open.  The liability alone would make me weary.

It all has to do with PCI compliance and the above poster is correct that you probably don't want to deal with this.  Instead you can use a service like authorize.net or merchant e-solutions and have them store the credit card for you.  Alls you would need to store at that point is a token referencing the securely stored credit on their system.  I designed a system like this before and to be even more secure I even encrypted the token using a two-way cypher: http://www.phpclasses.org/package/6264-PHP-Encrypt-and-decrypt-data-using-Rijndael-256-cypher.html.

With that said I worked for an employer once and my boss didn't care much for the safety of the customers financial data.  We stored the credit card information using a custom written two-way cypher and probably still do to this day.  If I were the decision maker, its not a decision I would make.  You wouldn't want your data to be stored in a non-secure non-PCI compliant manner, would you?

https://www.pcisecuritystandards.org/