Re: Credit card arrangement

This WebDNA talk-list message is from

2005


It keeps the original formatting.
numero = 63531
interpreted = N
texte = What about encrypting the CC# and date, and writing them to the client's computer, rather than storing them on the server? On Nov 30, 2005, at 8:23 PM, Bess Ho wrote: > Boy, Bob. I didn't know you have to deal with the HIPAA too. Are > you dealing with healthcare clients? > > We have "intelligence" system to process payment without storing > the card at site. It will be clean with HIPAA. It is not AuthorizeNet. > > If you are interested, we can talk offline. > > Bess > > -----Original Message----- > From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of > Bob Minor > Sent: Wednesday, November 30, 2005 4:13 PM > To: WebDNA Talk > Subject: Re: Credit card arrangement > > > They wanna audit it as well. Use to be they controlled the software > etc. Now there are so many hands in the cookie jar, I have to store > it, my customer has to store it. We have had to go through numerous > network audits its not funny. > > We had a special device that cloaked our network, no one could tell > if a machine had open ports or not. We watched and maintained > honeypots etc. Well the credit card companies came in and said hey > all your stuff is vulnerable to attack. We no its not, we just dont' > let the outside world know what we are doing period. They made us put > in a visible and therefore more vulnerable firewall so that they > could see what we were doing to protect our network and the hosting/ > colocation customers. > > I think what they are doing is ultimately the right thing. I would > much prefer not to hold the CC at all or if I do on a machine that is > firewalled from the internet. I just don't want some wanker coming in > making us look bad by stealing all our credit card data. You can only > imagine the lawsuits that could result if you didn't take reasonable > efforts to secure the data. > > Now don't even get me started on the HIPAA crap! > > On Nov 30, 2005, at 5:20 PM, Bess Ho wrote: > >> I think Pat is concerned about storing card whenever it is encryped >> or not. So many new rules from visa and mastercard esp this year. > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com> > Web Archive of this list is at: http://webdna.smithmicro.com/ > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com> > Web Archive of this list is at: http://webdna.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Credit card arrangement ( Scott Szretter 2005)
  2. Re: Credit card arrangement ( Patrick McCormick 2005)
  3. Re: Credit card arrangement ( Patrick McCormick 2005)
  4. Re: Credit card arrangement ( "Bess Ho" 2005)
  5. Re: Credit card arrangement ( Bob Minor 2005)
  6. Re: Credit card arrangement ( Dale-List 2005)
  7. Re: Credit card arrangement ( Donovan Brooke 2005)
  8. Re: Credit card arrangement ( Donovan Brooke 2005)
  9. Re: Credit card arrangement ( Bob Minor 2005)
  10. Re: Credit card arrangement ( "Bess Ho" 2005)
  11. Re: Credit card arrangement ( Donovan Brooke 2005)
  12. Re: Credit card arrangement ( "Bess Ho" 2005)
  13. Re: Credit card arrangement ( Donovan Brooke 2005)
  14. Re: Credit card arrangement ( Donovan Brooke 2005)
  15. Re: Credit card arrangement ( "Bess Ho" 2005)
  16. Re: Credit card arrangement ( Patrick McCormick 2005)
  17. Re: Credit card arrangement ( Marc Thompson 2005)
  18. Re: Credit card arrangement ( Donovan Brooke 2005)
  19. Re: Credit card arrangement ( Bob Minor 2005)
  20. Re: Credit card arrangement ( Marc Thompson 2005)
  21. Re: Credit card arrangement ( Donovan Brooke 2005)
  22. Credit card arrangement ( Patrick McCormick 2005)
What about encrypting the CC# and date, and writing them to the client's computer, rather than storing them on the server? On Nov 30, 2005, at 8:23 PM, Bess Ho wrote: > Boy, Bob. I didn't know you have to deal with the HIPAA too. Are > you dealing with healthcare clients? > > We have "intelligence" system to process payment without storing > the card at site. It will be clean with HIPAA. It is not AuthorizeNet. > > If you are interested, we can talk offline. > > Bess > > -----Original Message----- > From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of > Bob Minor > Sent: Wednesday, November 30, 2005 4:13 PM > To: WebDNA Talk > Subject: Re: Credit card arrangement > > > They wanna audit it as well. Use to be they controlled the software > etc. Now there are so many hands in the cookie jar, I have to store > it, my customer has to store it. We have had to go through numerous > network audits its not funny. > > We had a special device that cloaked our network, no one could tell > if a machine had open ports or not. We watched and maintained > honeypots etc. Well the credit card companies came in and said hey > all your stuff is vulnerable to attack. We no its not, we just dont' > let the outside world know what we are doing period. They made us put > in a visible and therefore more vulnerable firewall so that they > could see what we were doing to protect our network and the hosting/ > colocation customers. > > I think what they are doing is ultimately the right thing. I would > much prefer not to hold the CC at all or if I do on a machine that is > firewalled from the internet. I just don't want some wanker coming in > making us look bad by stealing all our credit card data. You can only > imagine the lawsuits that could result if you didn't take reasonable > efforts to secure the data. > > Now don't even get me started on the HIPAA crap! > > On Nov 30, 2005, at 5:20 PM, Bess Ho wrote: > >> I think Pat is concerned about storing card whenever it is encryped >> or not. So many new rules from visa and mastercard esp this year. > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com> > Web Archive of this list is at: http://webdna.smithmicro.com/ > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com> > Web Archive of this list is at: http://webdna.smithmicro.com/ > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Patrick McCormick

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

docs for WebCatalog2 (1997) Re1000001: Setting up shop (1997) WC2/Mac -- Forms not submitting correctly with Mac browsers (1997) Re:2nd WebCatalog2 Feature Request (1996) OBDC Support (1997) apostrophe in search item (1997) off topic - dna snipets (1997) Security Issue (1997) ShowIf Question (1998) What am I doing wrong? (2000) b12 cannot limit records returned and more. (1997) File not found error message (1998) RE: WebCat name recognition (was MacFinder -- a new WebDNAweb site) (1998) WebCat2final1 crashes (1997) Webmerchant 2.1.3 startup questions, please (1999) Referrer field to header field conversion (1997) E-mail loop ! (1997) On AOL Account Security: Fwd: POSSIBLE PROBLEMS FOR AOL USERS (1998) RE:DatabaseHelper (1997) OT: Flash developer needed (2007)