Re: SetHeader not Working

This WebDNA talk-list message is from 2006.


Bess -

Many of us support sites that store credit card information, and have for a number of years. We have varying levels of security built in to our systems (encryption, password protection, temporary storage only, etc).

If you have solid facts about any laws, regulations or security policies, and can point us at online or printed references to the real information, this would be greatly appreciated.

Simply stating that you are "in the credit card business" and we are not allowed to store credit card info without some mysterious certification, and to "just trust my word for now" isn't enough. Co-opting unrelated discussion subjects and using phrases like "I have to ask around", "I remember vaguely" and "may involve Sing Sing" erodes any useful information or insights you are trying to provide.

Cite your sources, if you have them, and we can determine whether our sites are in compliance, or how to make them so.

Brian Fries
BrainScan Software

On Jun 20, 2006, at 10:45 AM, Bess Ho wrote:

> I see you guys are really concerned about storing cc. I have to ask
> around because I am not so into it but am told about it.
>
> Violating HIPAA does involve Sing Sing (I remember vaguely).
>
> Identity Theft may involve Sing Sing.
>
> I guess the bottom line is you are more concerned about Sing Sing.
> Paying the fine is ok.
>
> -----Original Message-----
> From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of
> Dan Strong
> Sent: Monday, June 19, 2006 9:06 PM
> To: WebDNA Talk
> Subject: Re: SetHeader not Working
>
> Bess,
>
> HIPAA has to do with privacy relating to medical records (for
> American citizens):
> http://www.hhs.gov/ocr/hipaa/
>
> See how I cited a source for my info?
>
> Please do as John asked and cite your source.
>
> Thank you,
> -Dan
>
> On Mon, 19 Jun 2006 13:27:00 -0700
> "Bess Ho" wrote:
>> I have to check with someone here on my end. I can't remember the
>> detail.
>>
>> However, I think there are other laws involved. I am only guessing
>> it is related to HIPAA or Identity Theft...
>>
>> I tend to think it is not about a good practice but there are laws
>> about it.
>>
>> -----Original Message-----
>> From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of
>> John Peacock
>> Sent: Monday, June 19, 2006 12:26 PM
>> To: WebDNA Talk
>> Subject: Re: SetHeader not Working
>>
>> Bess Ho wrote:
>>> I lost my grandmother and I have to prepare and get ready for the
>>> funeral in next few wks.
>>
>> I'm sorry for your loss.
>>
>>> I can't recall all the detail. Just trust my word for now. It is
>>> not just a business policy.
>>
>> Are you thinking of the "Payment Card Industry Data Security
>> Standards":
>>
>> http://tinyurl.com/5dzju
>>
>> (that's a link to Visa's pages, MasterCard has similar pages). The
>> Secret Service is the government agency that investigates credit card
>> fraud (but they don't get involved for anything less than $2000). The
>> penalties under PCI/DSS are steep, but they are governed by *contract*
>> law (i.e. the contract you signed, or more likely your CC aggregator, as
>> a merchant), not *criminal* law.
>>
>> More to the point, here is a discussion on the Better Business Bureau's
>> website:
>>
>> http://www.bbbonline.org/update/issue.asp?ID=59
>>
>> that discusses PCI/DSS in detail (skip past the promotional copy for
>> their overpriced ScanAlert service), and the expensive costs of being
>> uncertified after a data breach. Nothing in this article mentions any
>> criminal statute covering this. PCI/DSS is a _voluntary_ regime set up
>> and managed by the credit card companies, and enforcement is strictly
>> due to the contracts that merchants have to sign. Anyone who is using a
>> credit card consolidation service should check with them for what rules
>> that they require of their "customers" (i.e. you).
>>
>> John
>>
>> --
>> John Peacock
>> Director of Information Research and Technology
>> Rowman & Littlefield Publishing Group
>> 4501 Forbes Boulevard
>> Suite H
>> Lanham, MD 20706
>> 301-459-3366 x.5010
>> fax 301-429-5748

    
