Storing credit card details with mcrypt or GnuPG

Question

I have a requirement to store credit card details (not storing is NOT an option).

Using mcrypt with mcrypt_dev_random to generate init_vector takes varying ages to encry

Answer 1

If you really want to store credit card information securely, there's a standard for it: Payment Card Industry Data Security Standard. And it's a lot more involved than using one specific encryption algorithm. It requires you to store parts of the card details on two physically separate machines, among many other things. And even if you follow the PCI standard to the letter, experts argue you're still not entirely secured. Anything less than that is pretty much not worth discussing in detail, since the overall level of security is so low that it hardly makes a difference.