Re: Credit card arrangement

This WebDNA talk-list message is from 2005.


What about encrypting the CC# and date, and writing them to the client's computer, rather than storing them on the server?

On Nov 30, 2005, at 8:23 PM, Bess Ho wrote:

> Boy, Bob. I didn't know you have to deal with the HIPAA too. Are
> you dealing with healthcare clients?
>
> We have "intelligence" system to process payment without storing
> the card at site. It will be clean with HIPAA. It is not AuthorizeNet.
>
> If you are interested, we can talk offline.
>
> Bess
>
> -----Original Message-----
> From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of
> Bob Minor
> Sent: Wednesday, November 30, 2005 4:13 PM
> To: WebDNA Talk
> Subject: Re: Credit card arrangement
>
>
> They wanna audit it as well. Used to be they controlled the software
> etc. Now there are so many hands in the cookie jar, I have to store
> it, my customer has to store it. We have had to go through numerous
> network audits it's not funny.
>
> We had a special device that cloaked our network, no one could tell
> if a machine had open ports or not. We watched and maintained
> honeypots etc. Well the credit card companies came in and said hey
> all your stuff is vulnerable to attack. We know it's not, we just don't
> let the outside world know what we are doing period. They made us put
> in a visible and therefore more vulnerable firewall so that they
> could see what we were doing to protect our network and the hosting/
> colocation customers.
>
> I think what they are doing is ultimately the right thing. I would
> much prefer not to hold the CC at all or if I do on a machine that is
> firewalled from the internet. I just don't want some wanker coming in
> making us look bad by stealing all our credit card data. You can only
> imagine the lawsuits that could result if you didn't take reasonable
> efforts to secure the data.
>
> Now don't even get me started on the HIPAA crap!
>
> On Nov 30, 2005, at 5:20 PM, Bess Ho wrote:
>
>> I think Pat is concerned about storing card whether it is encrypted
>> or not. So many new rules from visa and mastercard esp this year.

-------------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Credit card arrangement ( Scott Szretter 2005)
  2. Re: Credit card arrangement ( Patrick McCormick 2005)
  3. Re: Credit card arrangement ( Patrick McCormick 2005)
  4. Re: Credit card arrangement ( "Bess Ho" 2005)
  5. Re: Credit card arrangement ( Bob Minor 2005)
  6. Re: Credit card arrangement ( Dale-List 2005)
  7. Re: Credit card arrangement ( Donovan Brooke 2005)
  8. Re: Credit card arrangement ( Donovan Brooke 2005)
  9. Re: Credit card arrangement ( Bob Minor 2005)
  10. Re: Credit card arrangement ( "Bess Ho" 2005)
  11. Re: Credit card arrangement ( Donovan Brooke 2005)
  12. Re: Credit card arrangement ( "Bess Ho" 2005)
  13. Re: Credit card arrangement ( Donovan Brooke 2005)
  14. Re: Credit card arrangement ( Donovan Brooke 2005)
  15. Re: Credit card arrangement ( "Bess Ho" 2005)
  16. Re: Credit card arrangement ( Patrick McCormick 2005)
  17. Re: Credit card arrangement ( Marc Thompson 2005)
  18. Re: Credit card arrangement ( Donovan Brooke 2005)
  19. Re: Credit card arrangement ( Bob Minor 2005)
  20. Re: Credit card arrangement ( Marc Thompson 2005)
  21. Re: Credit card arrangement ( Donovan Brooke 2005)
  22. Credit card arrangement ( Patrick McCormick 2005)
Patrick McCormick
