OK let me get this straight, We have a pay invoice on our website you submit your info that gets stored in a sql database. Every day a girl in our office checks a password protected back end that displays the info in from the sql database. My question is if I use DES BLOWFISH OR AES i have to use generatesecretkey which is random. If I don't know what that key is how do I decrypt the cc info on the back end. I can't store that key in the database next to the cc number that would defeat the whole purpose.

That's why i ask why can't I use CFMX_COMPAT if they get into the database and don't know what the key is how do they decrypt the number.

Well, like I said at am not familiar with storing CC's. So I am really not the one to be giving you advice on how to properly secure them. What I will say is that assumedly, Adobe engineers are familiar with encryption, and if they say it is the least secure of the methods, I personally believe them.

Plus, credit card companies can have their own restrictions about merchants storing credit card information. As I understand it, it is not like you can just decide to store information and it is okay with them. You have to be certified and meet certain requirements - of which encryption is probably only one. Only they can say whether or not your setup meets their requirements.

While I may not be able to answer your questions, I think hhamdan is giving you bad advice. He seems more interested in providing "an answer" than trying to provide the correct answer. My advice would be to seek an another area or another forum with more focus and experience with security. But that is just me, and I am not the one who may be held liable. So the choice is yours.

Well I got the strong encryption to work further investigation i can use a stored key for aes, des, and blowfish, I guess I'll worry about the " when i come across it. So far I tested about 15 cards and none show the "

Thanks for everyone's input at least I learned something new!

Do the customers know you are storing there credit card numbers? Do the credit card companies know about this? I think that both parties would have a problem with you storing this information without their knowing and without you having the proper security credentials.