{"id":5974,"date":"2019-02-14T10:00:47","date_gmt":"2019-02-14T09:00:47","guid":{"rendered":"https:\/\/paynopain.com\/cryptography-encryption-methods-and-hashing-how-pci-companies-store-data-securely\/"},"modified":"2026-03-06T07:31:16","modified_gmt":"2026-03-06T06:31:16","slug":"cryptography-encryption-methods-and-hashing-how-pci-companies-store-data-securely","status":"publish","type":"post","link":"https:\/\/paynopain.com\/en\/blog\/cryptography-encryption-methods-and-hashing-how-pci-companies-store-data-securely\/","title":{"rendered":"Cryptography, encryption methods and hashing: how PCI companies store data securely"},"content":{"rendered":"

 <\/p>\n

Expert post<\/h4>\n

Andr\u00e9s de la Cruz, Web Developer at PaynoPain<\/strong><\/p>\n

 <\/p>\n

In a business sector such as fintech<\/strong>, where a huge amount of personal data is stored and manipulated, security is a decisive factor and must not only be taken into account, but must be used consistently.<\/p>\n

The most important data that a user trusts when making an online payment are those related to their debit or credit card. Information that companies like PaynoPain<\/b> store in order to offer services such as returns, monthly charges, purchases with a single click, etc. This data can\u2019t be stored in any way: this data must be encrypted. We enter fully into cryptography.<\/p>\n

 <\/p>\n

<\/span>What is cryptography?<\/b><\/span><\/h2>\n

It\u2019s the science that makes use of mathematical methods and tools with the main objective of encrypting, and therefore protecting, a message or file by means of an algorithm, using two or more keys, to obtain in some cases the confidentiality, in others authenticity or both simultaneously. It consists in the conversion of data into a code encoded to be illegible.<\/p>\n

In other words, we transform a message into something intelligible that we can only read if we have the secret key. It can also be a pdf, an email, a multimedia file, etc.<\/p>\n

Cryptography is not something modern and doesn\u2019t have to be computerized. Already in the Roman times of Julius Caesar, different methods were used so that the documents that were transported by messengers couldn\u2019t be understood by anyone.<\/p>\n

\"Cifrado<\/p>\n

In the so-called C\u00e9sar cipher the letters were coded by moving the corresponding letter a number of times in the alphabet. In the image we can see a displacement of 3 letters.<\/p>\n

In this way, the word PAYNOPAIN<\/b> would be encrypted as: SDBPRSDLP<\/b>.<\/p>\n

As the story progresses, the mathematical calculations for encryption have become incredibly complex and varied, while the power of computers has been increasing. This means that some encryption methods are no longer safe, because a computer can find the secret key in a short time. It also means that choosing how to encrypt the data is essential and that the excess of information in these cases can make you choose a bad encryption method. But before continuing, we should differentiate when to encrypt and when not.<\/p>\n

 <\/p>\n

<\/span>When do you have to encrypt? Encrypt or hash?<\/b><\/span><\/h2>\n

Before the boom of online payments, the most important data that all web platforms should keep were users passwords. The passwords are secret and nobody except the users should know them. This means that it\u2019s a data that should not be recovered.<\/p>\n

Many companies use encryption methods for passwords that by their own use, as we have seen previously with C\u00e9sar encryption, allow to recover the original content of the message.<\/p>\n

Passwords are a bad example of using encryption. For the occasions in which the content shouldn\u2019t be able to be recovered are the so-called hashing methods.<\/p>\n

Hashing a message is also to make it intelligible, but with the peculiarity that the resulting message doesn\u2019t contain the original.<\/p>\n

\"Encrypted<\/p>\n

However, for credit and debit cards data must necessary to be used encryption and it\u2019s something so critical that there are standards that regulate which and how data should be encrypted. We\u2019re talking about the PCI DSS (Payment Card Industry Data Security Standard)<\/b> standard that allows companies to operate with this information. At PaynoPain we have this certification and we renew it annually<\/a>.<\/p>\n

 <\/p>\n

<\/span>Encryption methods<\/b><\/span><\/h2>\n

Choosing an encryption method is always an important decision and the different methods must be analyzed before taking it. The PCI standard maintains a list of recommended methods that will be updated as new ones are developed.<\/p>\n

Next, we review some of the best known ciphers and their technical specifications:<\/p>\n

DES: <\/b>52 bit stream encryption standard used in 1976. The 56 bit string is very short, so it\u2019s able to commit in less than 24 hours.<\/p>\n