Best practices to store CreditCard information into DataBase

别那么骄傲 2020-12-07 13:36

In my country online payments are not an old thing; the first time I saw a web application taking payments directly to a local bank account was last year.

So, I'm

7 answers
  •  盖世英雄少女心
    2020-12-07 13:55

    In 2020, use Stripe, and avoid storing payment information yourself.

    HISTORICAL ANSWER:

    For this, I recommend a comprehensive, layered approach.

    First, storing credit card info should be an option.

    Secondly, the data should be stored securely, using a strong form of encryption. I recommend AES with a 256-bit key size. Make sure when choosing your key, you use the entire keyspace (it's a rookie mistake to just use a randomly generated alphanumeric/symbol string as a key).

    Third, the AES key needs to be properly secured. Do not embed the value inside your code. If you are using Windows, consider using DPAPI.

    Fourth, you will want to set up database permissions so that applications and computers will have access on a need-to-know basis.

    Fifth, secure the connection string to your database.

    Sixth, ensure that any application that will have access to the credit card data will properly secure it.
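
An added example, not part of the answer above or of the original page: it shows the "use the entire keyspace" point by comparing a raw 32-byte key with a 32-character printable string, then encrypts a card number with that key. The GCM mode, binding the record id as associated data, and the names `newCardKey`, `keyEntropyBits`, `encryptPan` and `decryptPan` are assumptions; the answer names only AES with a 256-bit key.

```javascript
const crypto = require("node:crypto");

// 32 bytes from the OS CSPRNG: each byte can take any of 256 values, so the
// key covers the whole 256-bit keyspace. In a real system this key is loaded
// from a protected store (DPAPI, as the answer suggests), never from source code.
function newCardKey() {
  return crypto.randomBytes(32);
}

// Strength in bits of a key made of `length` symbols drawn uniformly from an
// alphabet of `alphabetSize` symbols. 32 printable ASCII characters (94
// symbols) give about 209.7 bits, not 256.
function keyEntropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

// Encrypt one card number with AES-256-GCM (assumed mode). A fresh 96-bit
// nonce is generated per record; the record id is authenticated as AAD so a
// ciphertext copied onto another row fails to decrypt.
function encryptPan(key, pan, recordId) {
  if (!Buffer.isBuffer(key) || key.length !== 32) {
    throw new Error("key must be 32 raw bytes, not a text string");
  }
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(recordId, "utf8"));
  const ct = Buffer.concat([cipher.update(pan, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt and verify. Throws if the key, ciphertext, tag or record id differ
// from what was used at encryption time.
function decryptPan(key, record, recordId) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.iv);
  decipher.setAAD(Buffer.from(recordId, "utf8"));
  decipher.setAuthTag(record.tag);
  const pt = Buffer.concat([decipher.update(record.ct), decipher.final()]);
  return pt.toString("utf8");
}

// Constructed sample values: a well-known test card number and a made-up id.
const demoKey = newCardKey();
const demoRecord = encryptPan(demoKey, "4111111111111111", "cust-1001");
console.log(decryptPan(demoKey, demoRecord, "cust-1001"));
console.log(keyEntropyBits(32, 94).toFixed(1), "bits vs", keyEntropyBits(32, 256));
```

The database row would hold `iv`, `ct` and `tag`; the key stays outside the database.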
