1) Yes, it is allowed but very, verydiscouraged. Having this information in your database makes you an extremely attractive target for hackers. And if you think you can protect it, think again. Hackers have defeated the security of companies with excellent security. Your security won't be any better.

1) 是的，这是允许的，但非常非常不鼓励。将这些信息保存在您的数据库中会使您成为黑客极具吸引力的目标。如果您认为可以保护它，请再想一想。黑客以极好的安全性打败了公司的安全性。你的安全不会更好。

2) You have to follow the PCI rules outlined in this guide. But you may find this guideeasier to understand. Go to page 14 for what you need to know. Basically you can store it but it has to be encrypted according to PCI standards. Your server and network also must be secure. If any piece of the puzzle is not PCI compliant you cannot store the credit card numbers. That rules out most shared hosting companies as a solution.

2) 您必须遵守本指南中概述的 PCI 规则。但是您可能会发现本指南更容易理解。有关您需要了解的信息，请转到第 14 页。基本上你可以存储它，但它必须根据 PCI 标准进行加密。您的服务器和网络也必须是安全的。如果拼图的任何部分不符合 PCI 标准，您将无法存储信用卡号。这排除了大多数共享托管公司作为解决方案的可能性。

This is not a direct answer, but a suggestion. Please don't downvote; I'm just trying to be helpful. After much experience with PCI compliance, I strongly suggest you avoid having credit card information on your systems if at all possible.

这不是直接的答案，而是建议。请不要投反对票；我只是想提供帮助。在获得 PCI 合规性方面的丰富经验后，我强烈建议您尽可能避免在您的系统上使用信用卡信息。

The approach we have used (with great success) is Tokenization. There are services that will collect and store your credit card information for you. You make an API call to get a token, generally a hash of some kind, which represents the credit card's primary account number. When you want to bill the card, you pass the token and other transaction details, and they process they payment.

我们使用的方法（取得了巨大成功）是标记化。有些服务会为您收集和存储您的信用卡信息。您进行 API 调用以获取令牌，通常是某种哈希值，表示信用卡的主帐号。当您想向卡收费时，您传递令牌和其他交易详细信息，然后他们处理他们的付款。

Here is an straightforward article about the process: http://www.creditcards.com/credit-card-news/tokenization-to-fight-credit-card-id-theft-1282.php

这是关于该过程的简单文章：http: //www.creditcards.com/credit-card-news/tokenization-to-fight-credit-card-id-theft-1282.php

There are lots of options for this these days:

这些天有很多选择：

• https://www.adyen.com/blog/tokenization-payment-technology-guide
• http://www.elementps.com/software-providers/security/pass/
• http://www.cybersource.com/products_and_services/payment_security/payment_tokenization/

• https://www.adyen.com/blog/tokenization-payment-technology-guide
• http://www.elementps.com/software-providers/security/pass/
• http://www.cybersource.com/products_and_services/payment_security/payment_tokenization/

For more information on that approach you can use the Google Search: Credit Card Tokenization.

有关该方法的更多信息，您可以使用Google 搜索：信用卡标记化。

You can but it's expensive to do.

你可以，但这样做很昂贵。

You need to have DNS provided by another service or a dedicated DNS server.

您需要有其他服务或专用 DNS 服务器提供的 DNS。

You need to have a dedicated server running your SQL Server database and nothing else.

您需要有一台运行您的 SQL Server 数据库的专用服务器，而不是其他任何东西。

You need to use PCI approved software.

您需要使用 PCI 批准的软件。

Your Database server needs to be within the same Data center as your Web Server else you will have poor performance.

您的数据库服务器需要与您的 Web 服务器在同一个数据中心内，否则性能会很差。

So it's best to either host your site on a PCI secure host or setup your servers as I described.

因此，最好将您的站点托管在 PCI 安全主机上，或者按照我的描述设置您的服务器。