Last week, I was contacted by someone to update the payment processing on their e-commerce site. The reason for the update is that the site is not PCI compliant.
I spoke with the client for a while to get an idea of what was really needed/wanted and quoted him a price. I will admit I padded the quote quite a bit since I was going to be diving into someone else's code. I have been bitten by this before and it has cost me a lot of money. I started getting everything set up locally and noticed that not only was this person storing credit card numbers and the 3-digit security code in the DB, but the DB was on a shared host.
He sends me an email late Friday afternoon asking me to not start working as it will cost more than he wants to pay (I had already put in a few hours, which he already said he will not pay me for).
My question is: I know the credit card information this guy's customers are supplying to him is not secure, so do I have an ethical obligation to report him?
--
Scott Stroz
---------------
You can make things happen, you can watch things happen or you can wonder what the f*&k happened. - Cpt. Phil Harris
http://xkcd.com/386/
