Re: Credit card arrangement
This WebDNA talk-list message is from 2005
It keeps the original formatting.
numero = 63531
What about encrypting the CC# and date, and writing them to the client's computer, rather than storing them on the server?

On Nov 30, 2005, at 8:23 PM, Bess Ho wrote:

> Boy, Bob. I didn't know you have to deal with the HIPAA too. Are
> you dealing with healthcare clients?
>
> We have "intelligence" system to process payment without storing
> the card at site. It will be clean with HIPAA. It is not AuthorizeNet.
>
> If you are interested, we can talk offline.
>
> Bess
>
> -----Original Message-----
> From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of
> Bob Minor
> Sent: Wednesday, November 30, 2005 4:13 PM
> To: WebDNA Talk
> Subject: Re: Credit card arrangement
>
>
> They wanna audit it as well. Used to be they controlled the software
> etc. Now there are so many hands in the cookie jar, I have to store
> it, my customer has to store it. We have had to go through numerous
> network audits, it's not funny.
>
> We had a special device that cloaked our network, no one could tell
> if a machine had open ports or not. We watched and maintained
> honeypots etc. Well the credit card companies came in and said hey
> all your stuff is vulnerable to attack. We know it's not, we just don't
> let the outside world know what we are doing period. They made us put
> in a visible and therefore more vulnerable firewall so that they
> could see what we were doing to protect our network and the hosting/
> colocation customers.
>
> I think what they are doing is ultimately the right thing. I would
> much prefer not to hold the CC at all or if I do on a machine that is
> firewalled from the internet. I just don't want some wanker coming in
> making us look bad by stealing all our credit card data. You can only
> imagine the lawsuits that could result if you didn't take reasonable
> efforts to secure the data.
>
> Now don't even get me started on the HIPAA crap!
>
> On Nov 30, 2005, at 5:20 PM, Bess Ho wrote:
>
>> I think Pat is concerned about storing card whether it is encrypted
>> or not. So many new rules from Visa and MasterCard esp this year.
>>
> -------------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com
>
> Web Archive of this list is at: http://webdna.smithmicro.com/
Patrick McCormick