Implement tokenization #85

Closed
adonese opened this issue Nov 14, 2020 · 0 comments
Labels
pci PCI compliance issues

Comments

@adonese
Collaborator

adonese commented Nov 14, 2020

PCI compliance documents describe the tokenization process as follows:

  • tokenization shouldn't be derived from the card info

  • we cannot, mathematically speaking, retrieve a PAN from its tokenized data

  • tokenization does allow for using a cryptographically secure function to generate a hash value that can be used as a token for card info

  • PCI strictly forbids storing CVV / CVV2 or magnetic stripe track info

  • PCI doesn't forbid storing expiration date

  • PCI does forbid storing IPIN / PIN and other authentication data

However, both Stripe and OpenPay allow for storing: PAN, expDate, and CVC

CVV (card verification value) and CVC (card verification code) can be used interchangeably

With that in mind, our PCI-compliant noebs vault will be like the following:

/api/tokenize

  • PAN
  • IPIN
  • ExpDate

Response:

  • ID
  • Fingerprint (for fraud detection)

In server:

ID =>

Our super secure hash function =>

internal ID (UUID)

  • PAN
  • IPIN
  • ExpDate

It is really tricky.

@adonese adonese pinned this issue Nov 14, 2020
@adonese adonese added the pci PCI compliance issues label Nov 14, 2020
@adonese adonese closed this as completed Jan 12, 2023
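
A minimal sketch of the vault flow outlined in the issue, added here as an illustration and not taken from noebs: the token ID is random, so it is not derived from the card, while the fingerprint is a keyed HMAC of the PAN. The `Vault` and `Card` types, the in-memory map, the demo key and the sample card values are assumptions, and the sketch keeps only PAN and expiry date.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Card is what the vault keeps; CVV and PIN/IPIN are never stored in this sketch.
type Card struct{ PAN, ExpDate string }

// Vault maps random token IDs to cards (in-memory and not goroutine-safe: assumptions).
type Vault struct {
	fpKey []byte // fingerprint key; constructed in main, from a KMS/HSM in practice
	cards map[string]Card
}

func NewVault(fpKey []byte) *Vault { return &Vault{fpKey: fpKey, cards: map[string]Card{}} }

// Fingerprint is HMAC-SHA256(fpKey, PAN): stable per card, not computable without the key.
func (v *Vault) Fingerprint(pan string) string {
	m := hmac.New(sha256.New, v.fpKey)
	m.Write([]byte(pan))
	return hex.EncodeToString(m.Sum(nil))
}

// Tokenize stores the card under a random 128-bit ID that carries no card data.
func (v *Vault) Tokenize(c Card) (id, fingerprint string, err error) {
	b := make([]byte, 16)
	if _, err = rand.Read(b); err != nil {
		return "", "", err
	}
	id = hex.EncodeToString(b)
	v.cards[id] = c
	return id, v.Fingerprint(c.PAN), nil
}

// Detokenize resolves an ID back to the card; only the vault can do this.
func (v *Vault) Detokenize(id string) (c Card, ok bool) {
	c, ok = v.cards[id]
	return
}

func main() {
	v := NewVault([]byte("constructed-demo-key"))
	id, fp, _ := v.Tokenize(Card{PAN: "4111111111111111", ExpDate: "2512"}) // test PAN
	fmt.Println(id, fp)
}
```

Tokenizing the same card twice yields two different IDs but the same fingerprint, which is what lets the fingerprint serve fraud detection without making the token itself a function of the PAN.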