Mask Sensitive Data

  • We have a DB where we have sales information and customer information. We also have fields with credit card numbers and social security numbers. We have to mask those numbers, restricting their visibility to 2347 XXXX XXXX 8752 or 23XX XXXX XXXX XX52. The same to be applied to XXX XXX 3456.

    And most importantly we want to do it with SQL Server 2005.

    All this is a part of becoming PCI compliant.

    Any thoughts or suggestions are welcome.

    Today is the tomorrow you worried about yesterday :-)

  • PCI compliance can be a hairy topic. Are you concerned with masking the data, and never getting the original values back, or encrypting it, and just masking it most of the time to your users?

    I highly recommend the encryption chapter in Professional SQL Server 2005 Development, http://apress.com/book/view/9781590597293

  • Encryption of this sort of data should be a given anyway. Here's a good link:

    http://www.kodyaz.com/articles/sql-server-2005-database-encryption-step-by-step.aspx

    You can do a string manipulation of the decrypted data - in a stored procedure - and just return a string of all those X chars with the last 4 characters of the card shown.
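
The approach from the last reply (decrypt inside a stored procedure and return only a masked string), as an added example that is not part of the original thread. It uses only SQL Server 2005 syntax; every object name is hypothetical, and the column is assumed to hold a varchar value encrypted with EncryptByKey. Keep-left/keep-right arguments of (4, 4), (2, 2) and (0, 4) give the three layouts asked for in the first post.

```sql
-- Hypothetical names: dbo.MaskDigits, dbo.GetCustomerCardMasked, dbo.Customer,
-- CustomerId, CardNumberEnc, CardKey, CardCert. None come from the thread.
CREATE FUNCTION dbo.MaskDigits (@value varchar(64), @keepLeft int, @keepRight int)
RETURNS varchar(64)
AS
BEGIN
    DECLARE @out varchar(64), @i int, @seen int, @total int, @c char(1);
    IF @value IS NULL RETURN NULL;  -- e.g. DecryptByKey failed or key not open
    SELECT @out = '', @i = 1, @seen = 0, @total = 0;
    -- Pass 1: count digits only, so spaces and dashes keep their positions.
    WHILE @i <= LEN(@value)
    BEGIN
        IF SUBSTRING(@value, @i, 1) LIKE '[0-9]' SET @total = @total + 1;
        SET @i = @i + 1;
    END
    SET @i = 1;
    -- Pass 2: keep the first @keepLeft and last @keepRight digits, X the rest.
    WHILE @i <= LEN(@value)
    BEGIN
        SET @c = SUBSTRING(@value, @i, 1);
        IF @c LIKE '[0-9]'
        BEGIN
            SET @seen = @seen + 1;
            -- A value too short for the requested window is masked entirely.
            IF @total > @keepLeft + @keepRight
               AND (@seen <= @keepLeft OR @seen > @total - @keepRight)
                SET @out = @out + @c
            ELSE
                SET @out = @out + 'X';
        END
        ELSE
            SET @out = @out + @c;
        SET @i = @i + 1;
    END
    RETURN @out;
END
GO
-- Decryption happens only inside the procedure; callers receive the masked string.
CREATE PROCEDURE dbo.GetCustomerCardMasked @CustomerId int
AS
BEGIN
    SET NOCOUNT ON;
    OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
    SELECT CustomerId,
           dbo.MaskDigits(CONVERT(varchar(64), DecryptByKey(CardNumberEnc)), 4, 4) AS CardMasked
    FROM dbo.Customer
    WHERE CustomerId = @CustomerId;
    CLOSE SYMMETRIC KEY CardKey;
END
GO
```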
